Skip to main content

CLOUD SOLUTIONS

  • CLOUD SOLUTIONS
  • FAQ
  • Patch Management FAQ

Patch Management FAQ

This topic aims to provide answers to the most frequently asked questions about the Patch Management module in GravityZone.

Where and how does the Patch Scan task retrieve the list of applicable updates?

The Patch Scan task will be available to be ran on the all the endpoints with the Patch Management module.

The Patch Scan task does not download any updates, but it rather inventories and reports the installed applications and compares the versions and the updates installed to the latest available patches from the update catalog.

Does the Patch Scan task need the endpoints to be connected to the internet?

The Patch Scan task does not need the endpoints to have internet connectivity, as the task just locally inventories the installed software and updates, then it reports back to the GravityZone console.

Can the Patch Management Cache Server provide the resources needed by the endpoints for a Patch Scan?

The Patch Scan task inventories the installed software and updates, submits this information to GravityZone, then GravityZone compares the data to the update catalog.

Does the Path Scan and Patch Install on-demand tasks use the patch download settings defined in Maintenance Windows?

The Patch Scan task runs independently of the settings in  Policies > Configuration Profiles > Maintenance Windows. The Patch Install task will be influenced by this setting as follows:

  • If a Patch Management Cache Server is defined, the endpoint will request the update from that Relay. If the Relay does not have the update downloaded, it will download it from the vendor on the first request.

  • If no Patch Management Cache Server is defined, the endpoint will download the update directly from the vendor's update location.

  • It is not possible to have an empty list in the Maintenance Windows settings and also disable the Use vendors websites as fallback location for downloading the patches option.

Could be interference between the Windows Update Service activities and the BEST Patch Management module’s activities?

Yes.

Is there any feature in GravityZone that disables the Windows Update service?

No.

Is there any best practice, related with the Windows Update Service settings, when Patch Management is implemented?

No.

Is Microsoft patching included?

Yes, Patch Management delivers patches for Microsoft products (OS and other software).

Do you have a list of available patches?

Yes, the list of supported vendors is available here.

How will GravityZone module ensure patches are tested before installing in production?

The Patch Management module enables organizations to set endpoint test groups that allows testing the patches before full launch into productions.

Does Bitdefender test any patches?

The patches are delivered as they are created and made available by the software vendors. Patches are tested by software vendors but testing into controlled environment is recommended for each organization, as each endpoint environment is unique.

Can I select specific patches to install on end points, instead of all missing patches?

These are the main options for installing patches:

  • Install each patch individual (manual task)

  • Install automatically only for specific, trusted, vendors

  • Install security and non-security patches on a separate basis.

Does Patch Management only provides patches or does it also upgrade products?

The module provides only patches (from 1.0 to 1.9, for example). It does not perform upgrades (from 1.9 to 2.0).

In this section: