Skip to main content

Patch Management

The Patch Management module releases you from the burden of keeping the endpoints updated with the latest software patches, by automatically distributing and installing patches for a vast variety of products.

Note

This module is available for:

  • Windows for workstations

  • Windows for servers

  • macOS

  • The following Linux distributions: CentOS, RHEL, and SLE. For details, refer to Patch Management.

Note

Availability and functioning of this feature may differ depending on the license included in your current plan.

The Patch Management section in the policy settings displays the assigned maintenance window that controls automatic patch assessment and installation.

Before assigning it, you need to have a maintenance window configured. For details on the Patch Management module and maintenance windows configuration, refer to Maintenance windows.

Assigning a maintenance window to a policy

To apply Patch Management settings into your network, you need to assign the maintenance window to a policy.

This is how you assign the maintenance window to a policy:

  1. Go to the Policies page in the left side GravityZone menu.

  2. Click Add to create a new policy, or open an existing one to edit it.

  3. In the Patch Management section, under Maintenance windows, make a selection from the drop-down list.

    The list includes all the maintenance windows created by you and other users, if they have shared permissions.

    policies_patch_management_cp_139749_en.png

    If no maintenance window is available in the list, a Create window button is visible.

    policies_patch_management_create_cp_139749_en.png

    Click the button to quickly create a window with basic settings, which only include patch scanning. To edit the window and add other capabilities, such as patch installation, go to the Policies > Configuration profiles in the GravityZone main menu.

    policies_patch_management_window_cp_139749_en.png
  4. Click Save to confirm the action.

Once the maintenance window assigned to the policy, the Patch Management section will display a summary that includes:

  • Maintenance window name

  • Target operations (Scan for patches or Apply patches)

  • Patch scope (Security, Non-security, or Manually approved)

  • Recurrence

  • Reboot details

You can assign only one maintenance window per policy. To assign the same maintenance window to multiple policies, you must edit each policy one by one.

To remove a maintenance window from a policy:

  1. Under to Maintenance windows, select No maintenance window selected from the drop-down list.

  2. Confirm your action.

  3. Click Save,

    The maintenance window is removed and the Patch Management module becomes inactive.

To learn how to manually install, uninstall, scan for patches and take various other actions, refer to Patch Inventory.