Patch management settings

To learn how to create a protection plan with the Patch management module, refer to "Creating a protection plan". By using the protection plan, you can specify which updates for Microsoft products and other third-party products for Windows OS to automatically install on the defined machines.

The following settings can be specified for the Patch management module.

Microsoft products

To install the Microsoft updates on the selected machines, enable the Update Microsoft products option.

Select which updates you want to be installed:

  • All updates
  • Only Security and Critical updates
  • Updates of specific products: you can define custom settings for different products. If you want to update specific products, for each product you can define which updates to install by category, severity, or approval status.

Windows third-party products

To install the third-party updates for Windows OS on the selected machines, enable the Windows third-party products option.

Select which updates you want to be installed:

  • Only major updates allows you to install the latest available version of the update.
  • Only minor updates allows you to install the minor version of the update.
  • Updates of specific products: you can define custom settings for different products. If you want to update specific products, for each product you can define which updates to install by category, severity, or approval status.

Schedule

Define the schedule according to which the updates will be installed on the selected machines.

Schedule the task run using the following events:

  • Schedule by time – The task will run according to the specified time.
  • When user logs in to the system – By default, a login of any user will start the task. You can modify this setting so that only a specific user account can trigger the task.

  • When user logs off the system – By default, a logoff of any user will start the task. You can modify this setting so that only a specific user account can trigger the task.

    The task will not run at system shutdown. Shutting down and logging off are different events in the scheduling configuration.

  • On the system startup – The task will run when the operating system starts.
  • On the system shutdown – The task will run when the operating system shuts down.

Default setting: Schedule by time.

Schedule type:

  • Monthly – Select the months and the weeks or days of the month when the task will run.
  • Daily – Select the days of the week when the task will run.
  • Hourly – Select the days of the week, repetition number, and the time interval in which the task will run.

Default setting: Daily.

Start at – Select the exact time when the task will run.

Run within a date range – Set a range in which the configured schedule will be effective.

Start conditions – Define all conditions that must be met simultaneously for the task to run.

Start conditions for antimalware scans are similar to the start conditions for the Backup module that are described in Start conditions. You can define the following additional start conditions:

  • Distribute task start time within a time window – This option allows you to set the time frame for the task in order to avoid network bottlenecks. You can specify the delay in hours or minutes. For example, if the default start time 10:00 AM and the delay is 60 minutes, then the task will start between 10:00 AM and 11:00 AM.
  • If the machine is turned off, run missed tasks at the machine startup
  • Prevent the sleep or hibernate mode during task running – This option is effective only for machines running Windows.
  • If start conditions are not met, run the task anyway after – Specify the period after which the task will run, regardless of the other start conditions.

Pre-update backup

Run backup before installing software updates – the system will create an incremental backup of machine before installing any updates on it. If there were no backups created earlier, then a full backup of machine will be created. This will allow you to roll back to the previous state in case of patch installation failure. For the Pre-update backup option to work, the corresponding machines must have both the Patch management and the Backup module enabled in a protection plan and the items to back up – entire machine or boot+system volumes. If you select inappropriate items to back up, then the system will not allow you to enable the Pre-update backup option.