Patch Management FAQ

This topic aims to provide answers to the most frequently asked questions about the Patch Management module in GravityZone.

The Patch Scan task can be run on all endpoints that have the Patch Management module.

The Patch Scan task does not download any updates. Instead, it inventories and reports the installed applications and compares the installed versions and updates to the latest available patches from the update catalog.

The Patch Scan task does not need the endpoints to have internet connectivity, as the task only inventories the installed software and updates locally, then reports back to the GravityZone console.

The Patch Scan task inventories the installed software and updates, submits this information to GravityZone, then GravityZone compares the data to the update catalog.

The Patch Scan task runs independently of the settings in Policies > Configuration Profiles > Maintenance Windows. The Patch Install task will be influenced by this setting as follows:

  • If a Patch Management Cache Server is defined, the endpoint will request the update from that Relay. If the Relay does not have the update downloaded, it will download it from the vendor on the first request.

  • If no Patch Management Cache Server is defined, the endpoint will download the update directly from the vendor's update location.

  • It is not possible to have an empty list in the Maintenance Windows settings and also disable the Use vendors websites as fallback location for downloading the patches option.

Yes, Patch Management delivers patches for Microsoft products (OS and other software).

Yes, the list of supported vendors is available here.

The Patch Management module enables organizations to set endpoint test groups that allow testing the patches before full launch into production.

The patches are delivered as they are created and made available by the software vendors. Patches are tested by software vendors, but testing in a controlled environment is recommended for each organization, as each endpoint environment is unique.

These are the main options for installing patches:

  • Install each patch individually (manual task)

  • Install automatically only for specific, trusted vendors

  • Install security and non-security patches on a separate basis.

The module provides only patches (from 1.0 to 1.9, for example). It does not perform upgrades (from 1.9 to 2.0).