Patch Management FAQ
This topic provides answers to the most frequently asked questions about the Patch Management module in GravityZone.
How does the Patch Scan task retrieve the list of applicable updates?
The Patch Scan task is designed to make an inventory of the installed applications on a system and report it to GravityZone. It compares the installed versions and updates to the latest available patches from the update catalog. It does not download any updates.
Does the Patch Scan task require internet connectivity to function properly?
No. The Patch Scan task does not require that endpoints have internet connectivity, because it performs a local inventory of installed software and updates, and then reports the findings to the GravityZoneControl Center.
Does the Patch Management Cache Server provide the patch information needed by endpoints for a Patch Scan?
The Patch Scan task inventories the installed software and updates, and submits this information to GravityZone, which then compares the data to the update catalog.
Do the on-demand tasks (Patch Scan and Patch Install) use the patch download settings defined in maintenance windows?
The Patch Scan task runs independently of the settings in Policies > Configuration Profiles > Maintenance windows.
The Patch Install task is influenced by this policy setting in the following ways:
If a Patch Caching Server is defined, the endpoint will request the update from that Relay. If the Relay does not have the update downloaded, it will download it from the vendor on the first request.
If no Patch Caching Server is defined, the endpoint will download the update directly from the vendor's update location.
You should either have a Maintenance window set up, or the following option enabled: Use vendors websites as fallback location for downloading the patches.
Can there be interference between the activities of the Windows Update Service and the Bitdefender Endpoint Security ToolsPatch Management module?
Yes.
Does GravityZone have a feature to disable the Windows Update service?
No.
Is there a best practice related to the configuration of Windows Update Service when implementing Patch Management?
No.
Does Patch Management cover Microsoft patches?
Yes, Patch Management delivers patches for Microsoft products (OS and other software).
Do you have a list of available patches?
Yes, the list of supported vendors is available here.
How will Patch Management ensure patches are tested before installing in production?
You can set endpoint test groups, which allows for testing before full launch in production environments.
Does Bitdefender test any patches?
The patches are delivered as they are released by the software vendors. Patches are tested by software vendors but testing in a controlled environment is recommended for each organization, as each endpoint environment is unique.
Can I select specific patches to install on endpoints?
These are the main options for installing patches:
Install each patch individually (manual task).
Install patches by category (security and non-security).
Automatically install patches (only available for specific/trusted vendors).
Does Patch Management only provide patches or does it also upgrade products?
The module provides only software patches and updates. It does not perform upgrades.