Patch management

The availability of this feature depends on the service quotas that are enabled for your account.

Use the patch management functionality to:

install OS-level and application-level updates
approve patches manually or automatically
install patches on-demand or according to a schedule
precisely define which patches to install by different criteria: severity, category, and approval status
perform pre-update backup to prevent possible unsuccessful updates
define the reboot action after patch installation

Cyber Protection introduces peer-to-peer technology to minimize network bandwidth traffic. You can choose one or more dedicated agents that will download updates from the Internet and distribute them among other agents in the network. All agents will also share updates with each other as peer-to-peer agents.

How it works

You can configure either automatic or manual patch approval. In the scheme below, you can see the automatic and manual patch approval workflows.

First, you need to perform at least one vulnerability assessment scan by using the protection plan with the Vulnerability assessment module enabled. After the scan was performed, the lists of found vulnerabilities and available patches are composed by the system.
Then, you can configure the automatic patch approval or use manual patch approval approach.
Define how to install patches – according to a schedule or on-demand. There are three alternative ways to install patches on-demand:
- Go to the list of patches (Software management > Patches) and install the necessary patches.
- Go to the list of vulnerabilities (Software management > Vulnerabilities) and start the remediation process which includes patch installation.
- Go to the list of devices (Devices > All devices), select the particular machines that you want to update, and install the patches on them.

You can monitor the results of the patch installation in Dashboard > Overview > Patch installation history widget.