This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Deploying Missing Patches

This Article Applies to:

  • Avast Business Hub

 

Once your devices have been scanned, any missing patches will be displayed on the Patches page of your console. You can then deploy these patches manually from the Devices or the Patches page, or set up automatic patching using your policies. Note that some patches can take hours to deploy, particularly if a patch is large and/or if you host a large number of devices in your network.

By default, all patches found missing during a patch scan will be included in patch deployment. If needed, you can omit certain patches from being deployed to devices by either ignoring them manually or adding them to patch exclusions. For more information, see Ignoring Patches and Configuring Patch Management Exclusions.

Automatic Patching

Configuring patch deployment via policies will enable automatic deployment of missing patches on a recurring basis.

In the policy you would like to edit, click the Service Settings tab. Then click Patch Management, and expand the Patch scans and deployments section. In policies, you can choose from the following options for automatic deployment once a patch scan has completed on the device:

  • Do not install patches (the missing patches will need to be installed manually)
  • Install patches immediately once found missing (note that the patches might first go into the Scheduled status before being downloaded and installed)
  • Install patches later: 
    • Frequency (daily, weekly, or monthly)
      • If you decide on monthly installations, please ensure the day of the month you’ve chosen occurs every month (for example, do not choose the 31st day of the month unless you specifically want to skip installing on months without 31 days)
    • Start time (a specific time of day you would like the installation to take place, down to the hour and minute)

It is recommended you configure your patch deployment to occur after patch scanning so any missing patches are deployed as soon as possible.

If you are using an Update Agent, that device will be used to store the application and OS patches and will distribute them to devices on the network (the same as program and virus definitions update file distribution).

Ad Hoc Patching

If you would like to deploy patches manually, you can do so on either the Devices page or the Patches page. The process is similar for both pages.

Devices Page

  1. Navigate to the Devices page
  2. Do one of the following:
    • For a single device, click the More button beside the device and click Install missing patches
    • For multiple devices, select the check boxes beside the device(s), click the More button at the top right, then click Install missing patches

Patches Page

  1. Navigate to the Patches page
  2. Click either Pending OS patches or Pending third-party patches at the top left for which type of patches you want to install
  3. Do one of the following:
    • For a single patch, click the Install button to the right of the patch name in the table
    • For multiple patches, select the check boxes beside the patch(es) and click Install at the top right of the table
    • For all patches, click Install all at the top right of the table

Wait while the patch deployment command runs on the target device(s). Successfully deployed patches will be displayed on the Patches page under the proper filter.

 

To learn more about the differences between enabling automatic patch deployment and performing the deployment manually, see Automatic vs. Ad Hoc Patching.

 

Other Articles In This Section:

Scanning Devices for Missing Patches

Related Articles:

Automatic vs. Ad Hoc Patching

Ignoring Patches

Configuring Patch Management Exclusions