
View and Manage Patches for Windows and 3rd Party Applications


Click 'Devices' > 'Device List' > click on a Windows device > click 'Patch Management'

    • Windows and 3rd party applications have to be kept up-to-date to protect them from vulnerabilities.
    • The details page of each device has a patch management tab which lets you view and install available patches. You can install multiple patches on a device simultaneously.
    • This section tells you how to patch individual devices via the 'Device Details' screen.
    • Alternatively, there is a full patch management interface at 'Applications' > 'Patch Management'. Go here if you want to manage patches on multiple devices. See 'Patch Management' in this guide for help with this area.

    Note: Hidden OS patches are not visible in a device's patch management screen. You can hide/unhide them in the full patch management interface at 'Applications' > 'Patch Management' > 'Operating System' tab.


    Process in brief

    • Click 'Devices' > 'Device List'
    • Click the name of a Windows device to open its details page
    • Select the 'Patch Management' tab
    • Choose the patches you want to install from the 'Operating System' and 'Third Party' tabs
    • Click 'Install Patches'. Each tab has a separate install button.
     



    • Operating System - Shows all installed and pending OS patches for the device. Additional details are available for each patch, including classification, severity, release date, installation status and knowledgebase articles.
    • Third Party Applications – Shows applications on the device for which updates are available. The version numbers of the currently installed version and the latest available version are shown. The 'severity' column tells you the importance of the update.
     
    View Windows patches available for a device
    • Click 'Devices' > 'Device List'
    • Click the 'Device Management' tab above the control buttons
    • Click the name of a Windows device to open its details page
    • Select the 'Patch Management' tab 
    • Click the 'Operating System' tab

    Note:

    • The 'Operating System' tab only shows Windows patches which are relevant to a device.



      Operating System Patches - Column Descriptions

      Column Heading

      Description

      Title

      The descriptive name of the patch.

      KB

      The Microsoft knowledgebase article for the patch.

      • Click the number to view the article.
      CVE

      The common vulnerabilities and exposures (CVE) entry number. Click the number to view details such as summary, vulnerability type, published date, vendor, affected devices and more.

      Bulletin

      The Microsoft bulletin number that contains details about the patch.

      • Click the number to view the bulletin page.

      Classification

      The category of the patch. The possible values are:

      • Update - Fixes a specific, non-critical problem. This type of patch does not address security-related bugs.
      • Definition update - Updates to a product's internal database. For example, an update to the virus signature database for Windows Defender.
      • Critical update - Fixes a specific, critical OS problem or a critical security-related bug.
      • Security update - Fixes a version-specific, security-related vulnerability.
      • Update rollup - A collection of updates, hotfixes, security updates and critical updates packaged together for easy deployment. These updates generally target a specific Windows component.
      • Driver - Adds software for controlling peripherals or add-on devices that could be connected to the endpoint
      • Feature pack - Adds new functionality distributed after an OS release.
      • Service pack - Contains a collection of updates, hotfixes, security updates, critical updates and additional fixes.
      • Tool - Installs a utility or feature for a specific task or a set of tasks.
      • Upgrades - Updates the Windows OS version on the endpoint to the latest build.
      Severity

      The criticality of the patch. The severity levels are:

      • Critical
      • Important
      • Low
      • Moderate
      • Unspecified
       Reboot

      Whether or not the endpoint requires a restart to complete the patch installation.

      Release Date

      The date on which the patch was released by Microsoft.

       Status

      Whether the patch has been installed on the device or not.

      • Available – The patch is yet to be installed on the device
      • Installed – The patch is already installed
      • Reboot pending – The patch is installed but the device needs to be restarted for the patch to take effect.

      Controls

      Install Patch(es)

      Remotely install selected patches on the device. See 'Install missing patches on the device' for more details.

      Uninstall Patch(es)

      Remove previously installed patches or updates from the device. See Uninstall patches from a device for more details.

      Check Available Updates

      Refresh patch inventory with the latest updates available for the device.


      • Click any column header to sort the items in ascending/descending order of entries in that column
      • Click the funnel icon on the right to filter patches by various criteria, including by severity, by whether a patch is available, or by patch installation status
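
To cross-check what the 'Operating System' tab reports against the endpoint's own view, the following added example (not part of the product or its documentation) queries the Windows Update Agent COM API, Get-HotFix and the pending-reboot flag. It assumes it is run in PowerShell on the managed Windows device; the mapping of API fields to the console's columns is an approximation made for this example.

```powershell
# Added example: list pending OS patches on this device in roughly the same
# columns as the console's 'Operating System' tab, then show the installed
# and reboot-pending side. The search contacts the device's configured update
# source (Windows Update or WSUS), so it needs network access.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# IsInstalled=0 -> patches the console would list with 'Available' status.
# IsHidden=0 skips updates hidden in Windows Update on this device; that is
# independent of patches hidden in the management console.
$pending = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'").Updates

# InstallationBehavior.RebootBehavior: 0 = never, 1 = always, 2 = may request
$rebootText = @{ 0 = 'No'; 1 = 'Yes'; 2 = 'Possible' }

# Sort order for the severity column (empty MsrcSeverity is shown as Unspecified)
$rank = @{ Critical = 0; Important = 1; Moderate = 2; Low = 3; Unspecified = 4 }

$report = foreach ($u in $pending) {
    [pscustomobject]@{
        Title       = $u.Title
        KB          = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ', '
        Bulletin    = ($u.SecurityBulletinIDs | ForEach-Object { $_ }) -join ', '
        Categories  = ($u.Categories | ForEach-Object { $_.Name }) -join ', '
        Severity    = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unspecified' }
        Reboot      = $rebootText[[int]$u.InstallationBehavior.RebootBehavior]
        ReleaseDate = $u.LastDeploymentChangeTime   # last published date of the update
    }
}

"Pending patches: $(@($report).Count)"
$report |
    Sort-Object { $rank[$_.Severity] }, ReleaseDate |
    Format-Table Severity, KB, Reboot, ReleaseDate, Title -AutoSize -Wrap

# 'Installed' side: the most recent hotfixes Windows reports as installed.
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn

# 'Reboot pending' side: true when an installed update still needs a restart.
$sysInfo = New-Object -ComObject Microsoft.Update.SystemInfo
"Reboot pending: $($sysInfo.RebootRequired)"
```

A patch that this script lists as pending but the console does not show may be hidden in 'Applications' > 'Patch Management' > 'Operating System', as described in the note above.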

      Install missing patches on the device


      Note – Make sure the missing patches are approved in ‘Applications’ > ‘Patch Management’ > ‘Operating System’
      • Click 'Devices' > 'Device List'
      • Click the 'Device Management' tab above the control buttons
      • Click the name of a Windows device to open its details page
      • Select the 'Patch Management' tab
      • Click the 'Operating System' tab
      • Identify patches with 'Available' status
      • Click the funnel icon on the right
      • Select 'Available' from the 'Status' drop-down
      • Click 'Apply'
      • Select the patches you want to install
      • Click 'Install Patch(es)':




      • Total number of devices outside of maintenance window – The number of devices that are not part of a maintenance window. The patches can run on these devices.
      • Number of devices blocked by maintenance windows settings – The number of devices on which you cannot run the patches because the admin has blocked patch installation outside of the maintenance window.
      • Number of devices warned by maintenance window settings – The number of devices that are part of a maintenance window and have warnings enabled. You can still run the patches on these devices.
      • Skip devices warned by maintenance windows settings – A maintenance window is a time-slot reserved for running important tasks on target devices. Admins can enable a warning if somebody attempts to run a patch installation outside of the window. This setting will skip those devices which have been added to a maintenance window with warnings enabled.
      • Click 'OK'.
       

      A command will be sent to install the selected patches.

       

      Uninstall patches and Windows updates from the device

      • Click 'Devices' > 'Device List'
      • Click the 'Device Management' tab above the control buttons
      • Click the name of a Windows device to open its details page
      • Select the 'Patch Management' tab
      • Click the 'Operating System' tab
      • Identify patches and updates with 'Installed' status
      • Click the funnel icon on the right
      • Select 'Installed' from the 'Status' drop-down
      • Click 'Apply'
      • Select the items you want to uninstall
      • Click 'Uninstall Patch(es)':


      • Click 'OK' in the confirmation dialog


      View 3rd party application patches available for a device

      • Click 'Devices' > 'Device List'
      • Click the 'Device Management' tab above the control buttons
      • Click the name of a Windows device to open its details page
      • Click the 'Patch Management' tab then 'Third Party Applications':


       

      Third Party Applications - Column Descriptions

      Column Heading

      Description

      Software Name

      The label of the third party application.

      Vendor

      The software publisher.

      Software Category

       The type of the application. Possible values include:

      • Comodo Products
      • Runtime applications
      • Web Browsers
      • Utilities
      • Messaging
      • File Compression utilities
      • Developer Tools
      • Documents
      • Online Storage
      • Other

      Installed Version

      The version number of the application currently installed on the endpoint.

      Installed Date

      The date on which the application was installed on the endpoint.

      Latest Version Available

      The version number of the latest version of the application that is available from the publisher.

      Severity

      Indicates the level of severity of the update as determined by Microsoft. The severity levels are:

      • Unspecified
      • Critical
      • Important
      • Low
      • Moderate

      Release Date

      The date on which the latest version of the application was released.

      Controls

      Install Patch(es)

      Remotely install selected patches on the device. See Install 3rd party application patches on a device for more details.


      See 'EM Supported 3rd Party Applications' to view the full list of applications that can be updated.

      Install 3rd party application patches on a device


      Only approved / auto-approved 3rd party application patches are installed. For help with approving patches, see 'Install 3rd Party Application Patches on Windows Endpoints'.

      • Click 'Devices' > 'Device List'
      • Click the 'Device Management' tab above the control buttons
      • Click the name of a Windows device to open its details page
      • Select the 'Patch Management' tab then open 'Third Party Applications'
      • Choose the patches you want to install
      • Click the 'Install Patch(es)' button
      • Select 'Update to the latest version' or 'Update to specific version' as required



      • Click 'Send'
      • Click OK in the confirmation dialog:



      • A command will be sent to the endpoint to install the patch:



      • Once the command is received, the communication client (CC) on the endpoint will check whether the update is available on any other devices in the network.
      • If available, CC downloads the patch from the other device over a peer-to-peer connection. This reduces bandwidth consumption and speeds up the deployment process. 
      • If the update is not available on the local network, CC downloads the update from the EM patch portal.