Patch Management for Windows

Identify and automate software update patches, ensuring your applications are always up to date.

RM65.81

30-day money-back guarantee

What is Patch Management?

What is Patch Management?

Patches are software and operating system updates that address security vulnerabilities within an application. Software vendors constantly release patches to fix vulnerabilities and provide enhanced security features. Patching can be complex and time consuming, but ignoring software updates isn’t an option.

If patches are not installed in a timely manner, networks can be severely compromised. Patch Management solves these issues by making it easy to identify and deploy critical patches, and monitor ongoing activity from a central cloud management console.

How It Works

1. Scan devices

1. Scan devices

Schedule automatic patch scans. Select from daily, weekly or monthly options.

2. Deploy patches

2. Deploy patches

Patches will be deployed automatically for all software applications. You can easily exclude any application that you don’t want patched.

3. Review dashboard

3. Review dashboard

Easily see the status of all your patches, including missing patches and severity level.

Why is patch management important?

Why is patch management important?

Patches are typically created in response to security vulnerabilities and other software issues. By ensuring that devices are updated, your business will be less open to security threats and running on the most stable software versions available.

Windows patch management automates this process to ensure your system is kept up-to-date and that every device is running the latest software.

Patch management benefits

Security

Security

Applying patches regularly will ensure your company network is protected from known security vulnerabilities.

Efficiency

Efficiency

Applying updates to every endpoint on a network can be time-consuming. If users are responsible for updating their own devices, this could result in significant cumulative downtime. Patch management software automates this process and can ensure that systems are updated outside of peak working hours.

Compliance

Compliance

Knowing that endpoints have been patched makes sure that your business is adhering to regulatory measures and operating to expected industry standards.

Optimization

Optimization

As well as patching vulnerabilities, updates can provide improvements to software features and functionality, allowing your organization to work with the best version of the tools available.

Patch management best practices

Create a patch management policy

Create a patch management policy

Scanning for and implementing missing patches should be scheduled for times when they will cause the least disruption for staff.

Prioritize patches

Prioritize patches

Many companies will release patches at a set time each week or month. While these should be implemented swiftly, priority should be given to critical system patches that are issued to fix urgent security vulnerabilities.

Backup

Backup

Sometimes patches can cause compatibility issues with existing software. Keeping backups allows for rollbacks should an issue occur, minimizing the risk of downtime.

Use patch management as part of a multi-layered security approach

Use patch management as part of a multi-layered security approach

Patch management should be used in conjunction with antivirus, malware, and vulnerability scanners as part of a holistic security strategy to ensure that endpoints remain protected from threats.

Powerful features to keep your applications protected

check white

Flexible deployment schedules Schedule and deploy approved patches at desired times, or manually deploy to groups or individual devices.

check white

Customizable patches Choose software vendors, products, and the severity of patches to scan and install. Easily create exclusions for applications.

check white

Update Agent capabilities Download all missing patches to a Update Agent (selected device) that seamlessly distributes patches to all managed devices in the network.

check white

Automatic scans Schedule patch scans to run automatically either daily, weekly, or monthly at the desired Start time. Flexible deployment schedules can be used to manage missing patches.

check white

Intuitive dashboard Manage all software patches and view graphical summaries of installed, missing, or failed patches from any device.

check white

Thousands of patches Deploy patches for Windows operating systems and thousands of third-party software applications for comprehensive protection.

check white

Patch scan results View detailed results from a single platform that includes information on missing patches, severity levels, knowledge base links, release dates, descriptions, and more.

Get Patch in our Cloud Management Console

Manage your AVG endpoint protection solutions from one central platform. Patch Management can only be managed from the console.

Learn more about the Management Console

money back blue badge 30-day money-back guarantee

Why is patch management important?

Compatible applications

Our patch selection includes thousands of compatible applications such as Windows operating systems and other third-party software, such as Zoom, Adobe Acrobat, Salesforce, and Dropbox.

Download the full list

Frequently Asked Questions

Should I turn off Windows Update before using Patch Management?

No, you should not disable the Windows Update service, but it is highly recommended that you change the Windows Update settings for your devices via the Windows Update Center and/or Group Policy so Patch Management can provide updates. The Windows Update settings should be set to Manual to successfully deploy patches. In addition, the Windows Update setting on each target machine (Control Panel > System and Security > Windows Update > Change settings) should be set to Never check for updates.

How do I set up a patch schedule for groups and/or devices?

You can set your patch schedule in the Cloud management console: Policies > Select Policy > Service Settings > Patch Management. All devices or groups under the Patch Management policy will follow the schedule you set.

What is the difference between the Patches page and the Devices page?

The Patches page provides and overview of missing patches, scheduled patches, patches pending a restart, and more - for both OS patches and third-party patches. The Devices page provides a list of your devices, the Status & Alerts for each device, the services installed on the device, and more.

Can I see the patch status for all my managed devices?

Yes. You can see detailed information on the severity of missing or installed patches with vendors, and software applications.

Where can I see how many devices are licensed for patches?

You will be able to see how many devices are licensed for patch updates under the ‘Subscriptions’ section in the console.

Why are my Mac OS X devices not being patched?

We are planning to support Patch Management software for Mac OS X devices at a later time.

Why are some devices not patched even after the patches have been deployed?

This could be due to the following reasons:

1. The patch is currently being installed on those devices and will sync with the console after the installation is complete.
2. The patch failed to install and will be scheduled for a reinstall based on your patch deployment schedule.
3. The device is currently offline.

Where can I modify the patch schedule and add exclusions?

You can modify the patch deployment schedule by going to Policies > Select Policy > Service Settings > Patch Management. You can set exclusions by going to Policies > Select Policy > Exclusions.

Can I patch all my devices in a single action?

Yes, you can manually deploy patches to individual devices and groups of devices in one action.

What statuses do patches have?

Patches will be marked as one of the following:

  • Scheduled - when the Patch is scheduled using Policies
  • Missing - after a Patch Scan has completed and found missing patches
  • Ignored - possible reasons will be excluded due to settings, manually excluded
  • Deploying - progress will show the state of deployment, whether it’s downloading, installing, waiting for restart, or waiting for verification
  • Failed to deploy - possible reasons will be unable to download patch file, downloaded patch file validation failed, or patch installation failed
  • Deployed - when the Patch has been successfully deployed to the device via either manual or scheduled patching.

How long does it take to patch a device?

It could take from a few seconds to hours. The time depends on the size and number of patches that are being downloaded, the software application it is updating, and the hardware of the device. We recommend scheduling patch updates at times that are the least busy for your business to minimize downtime.

Will my device that is set as the Update Agent download patches and deploy to my devices?

Yes. To save bandwidth, the device you have selected as the Update Agent will be used to download and store the software application patches and will distribute them to devices on the network. If you do not have Update Agent selected, each device will download the software application patch directly from the internet. This is not recommended as it can slow your internet speed, potentially disrupting the performance of cloud-based applications.

What else can I do to protect my business network?

AVG Internet Security Business Edition protects your business endpoints, email, and network from ransomware, spam, and phishing – and is Windows compatible. Your protection and settings can be monitored and managed through AVG Cloud Management Console from one central console.

Identify and automate software update patches, ensuring your applications are always up to date.

RM65.81

30-day money-back guarantee