Manage OS Patches on Windows Endpoints
Click 'Software Inventory' > 'Applications' > 'Patch Management' > 'Operating System' tab
- The operating system tab lets you deploy and manage OS updates on Windows devices.
- Xcitium checks Microsoft update servers for available Windows patches and lists them in the interface. You can deploy patches to devices as required. You can also uninstall patches from devices if required.
- Patches need to be approved for deployment. You can choose to decline / approve patches. By default, patches are automatically approved.
- The interface shows details about each patch, including patch classification, the Windows component to which it applies, release date, severity, previous versions, Microsoft bulletins and number of endpoints which require the patch.
- You can filter patches by device groups.
- You can hide patches if you do not want to deploy them. Hidden patches will not be available for deployment in the 'Device Management' screen and will not be executed if added to a patch procedure.
- You can also create procedures to deploy operating system and 3rd party application patches. The procedures can be added to profiles to automatically install any new patches.
- You can also generate reports on the current patch status of your Windows devices.
Manage operating system patches
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a group to view updates for its devices
Or
- Select 'Show all' to view every available Windows update
Column Heading | Description |
---|---|
Title | The descriptive name of the patch. |
KB | The knowledgebase article number that describes the patch. |
Bulletin | The Microsoft Bulletin number that contains details about the patch release. |
Classification | The category of the patch. The possible values are: |
Product | The Windows component to which the patch applies. |
Severity | The criticality of the patch. The possible levels are: |
Status | Indicates whether the patch is ready for deployment. The statuses are: |
Reboot | Whether or not the endpoint requires a restart to complete the patch installation. |
Not Installed | The number of managed endpoints on which the patch is yet to be installed. |
Installed | The number of managed endpoints on which the patch has already been installed. |
Release Date | The date on which the patch was released by Microsoft. |
Controls | |
Install Patch(es) | Deploy selected patches to all devices on which they are yet to be installed. |
Uninstall Patch(es) | Remove selected patches from all devices on which they are installed. |
Hide Patch(es) | Conceal selected patches that you do not want to be deployed onto enrolled endpoints. |
Unhide Patch(es) | Reveal all hidden patches. |
Export | Generate current patch statuses for the devices. See Generate Patch Statuses Report. |
Create Patch Procedure | Add a new procedure capable of auto-installing patches on your endpoints. The procedure can be added to a profile and scheduled to install specific updates at specific times. See Create a New Patch Procedure for more. |
Schedule Patch Procedure | Takes you to the 'Profiles' interface in Xcitium. |
Show hidden patch(es) | Reveal all hidden patches so they can be potentially deployed. |
Approve | Only permitted patches are installed. See Approve / decline a Windows OS patch for more details. |
Decline | Unapproved patches are not installed. See Approve / decline a Windows OS patch for more details. |
Auto Approve | You can set the patches to be automatically approved. |
- Click any column header to sort the items in ascending/descending order of the entries in that column.
The 'Operating System Patch Management' interface allows you to:
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a group to view the list of patches and Windows updates available for its devices
Or
- Select 'Show all' to view a list of all available patches and Windows updates
- Click the name of a patch to open its patch details screen.
The details of the patch are displayed under six tabs:
- General - Shows the name and general description, version number, severity as set by the vendor, release date and a link to the knowledgebase (KB) article for the patch release
- Vendor - Indicates the publisher of the patch, with a link to the vendor's support page for the patch
- Supercedes - Contains information on previous patches that are replaced by this patch
- Bulletin - Contains the Bulletin ID and a short summary of the bulletin published by the vendor for the patch
- CVE IDs - Displays the Common Vulnerabilities and Exposures (CVE) identifiers set for the patch by the vendor
- Device List - The list of managed Windows endpoints with the installation status of the patch on them. You can install the patch on selected endpoints from the list. See Install a patch on selected endpoints for more details.
- You can hide from the list any patches that you do not want rolled out to the endpoints.
- These patches will also not be available for deployment from the 'Device Management' screen and will not be executed if added to a patch procedure.
- You can view the hidden patches by using the 'Show hidden patch(es)' toggle button and install these patches onto endpoints.
Hide unwanted patch(es)
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a group to view the list of patches and Windows updates available for its devices
Or
- Select 'Show all' to view a list of all available patches and Windows updates
- Select the patch(es) you want to hide and click 'Hide Patch(es)'
To view the hidden patches again, you have to unhide them.
- Restored patches will also be available for installation in the 'Device Management' interface and can be added to a patch procedure.
View hidden patches and restore them
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a group to view the list of patches and Windows updates available for its devices
Or
- Select 'Show all' to view a list of all available patches and Windows updates
- Click the funnel icon on the right, select 'Show hidden patch(es)' and click 'Apply'
The hidden patches are shown with a dark gray background stripe.
- Select the hidden patch(es) from the list and click 'Unhide Patch(es)'
A confirmation message is displayed. The patches are re-added to the list.
Install patch(es) on all managed endpoints at-once
- Click 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a group to view the list of patches and Windows updates available for its devices
Or
- Select 'Show all' to view a list of all available patches and Windows updates
- Select the patch(es) to be installed and click 'Install Patch(es)'
- Click 'OK' in the confirmation dialog
The command will be sent and the selected patch(es) will be installed on all endpoint(s) on which the patch is not already installed.
Install a patch on selected endpoints
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a group to view the list of patches and Windows updates available for its devices
Or
- Select 'Show all' to view a list of all available patches and Windows updates
- Click the number in the 'Not Installed' column of the patch you want to install.
The 'Patch Details' screen will open at the 'Device List' tab. The screen shows all managed devices to which the patch is relevant. The 'Installed' column tells whether the patch is installed on the device.
- Select the device(s) on which the patch is to be installed and click 'Install Patch'
- A confirmation appears:
The command will be sent to the selected device(s) and a schedule will be created for installation of the selected patch(es) on the devices.
Uninstall selected patches from all managed endpoints at-once
You can remove unwanted patches and Windows updates from the managed devices. This is useful if you want the managed endpoints to be rolled back to the previous build version of a Windows component or of the OS itself.
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a group to view the list of patches and Windows updates available for its devices
Or
- Select 'Show all' to view a list of all available patches and Windows updates
- Select the patch(es) to be removed from the devices and click 'Uninstall Patch(es)'
- Click 'OK' in the confirmation dialog
- The command will be sent to the selected device(s) and a schedule will be created for uninstallation of the selected patch(es) on the devices.
- The 'Patch Management' > 'Operating System' interface lets you create a procedure to deploy OS patches.
- The procedures can be added to profiles and scheduled to run periodically.
Create a new patch procedure
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Click 'Create Windows Patch Procedure' at the top
The 'Create Windows Patch Procedure' wizard starts.
- Create a name and specify the storage folder for the procedure. Select the categories of OS patches you want to install and configure endpoint restart options.
- See create an OS patch procedure for more help with the wizard.
Approve / decline a Windows OS patch
You can deploy only approved and auto-approved patches on endpoints. You can disapprove a patch so it cannot be deployed, for example, while you evaluate whether the patch is required or not.
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Select a patch and click the 'Approved' or 'Decline' button at the top
- Auto Approve - Enable this button so that when a new patch is listed here, it is automatically approved. If disabled, the patch shows its status as 'Waiting for approval'.
Search specific patches in the Patch Management interface
- Click the funnel icon on the right to filter patches by various criteria, including by name, by KB number, by bulletin number, by classification, by severity, and by whether a restart is required for the patches.
- Start typing the name of a patch in the search field to find a particular patch. Select the patch from the search suggestions and click 'Apply'.
- To display all items again, clear any filters and search criteria and click 'Apply'.
- Xcitium returns 20 results per page when you perform a search. To increase the number of results displayed per page up to 200, click the arrow next to the 'Results per page' drop-down.
Generate Patch Statuses Report
- Click 'Software Inventory' > 'Applications' > 'Patch Management'
- Select the 'Operating System' tab
- Click 'Export' at the top.
- The CSV file will be available in 'Dashboards' > 'Reports'
- See 'Reports' in The Dashboards for how to view and download reports.
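Once the report is downloaded, it can be triaged offline. The script below is an added example, not Xcitium code: it lists patches that are still missing on at least one endpoint, worst severity first, and marks those that cannot deploy because they are not approved. It assumes the CSV uses the column headings from the table above ('KB', 'Severity', 'Status', 'Not Installed'), that severities follow Microsoft's Critical / Important / Moderate / Low ratings, and that deployable statuses read 'Approved' or 'Auto approved'; the sample rows are constructed.

```python
import csv
import io

# Assumed severity names (Microsoft's ratings) and their triage order.
SEVERITY_RANK = {"critical": 0, "important": 1, "moderate": 2, "low": 3}
# Assumed 'Status' values that mean a patch can be deployed.
DEPLOYABLE = {"approved", "auto approved"}

# Constructed sample export; the column names are assumed, not taken from a real file.
SAMPLE_CSV = """Title,KB,Severity,Status,Not Installed,Installed
Example cumulative update,KB0000001,Critical,Approved,12,88
Example servicing stack update,KB0000002,Important,Waiting for approval,40,0
Example driver update,KB0000003,Low,Declined,5,0
Example security update,KB0000004,Critical,Approved,0,100
"""


def outstanding_patches(csv_text):
    """Return patches still missing on at least one endpoint, worst first.

    'blocked' is True when the status is not a deployable one, i.e. the
    patch stays uninstalled until someone approves it.
    """
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("Not Installed") or "").strip()
        missing = int(raw) if raw.isdigit() else 0  # rows without a numeric count are skipped
        if missing == 0:
            continue
        status = (row.get("Status") or "").strip()
        results.append({
            "kb": (row.get("KB") or "").strip(),
            "severity": (row.get("Severity") or "").strip(),
            "missing": missing,
            "blocked": status.lower() not in DEPLOYABLE,
        })
    # Unknown severities sort last; ties are broken by the larger endpoint count.
    results.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"].lower(), 99), -r["missing"]))
    return results


if __name__ == "__main__":
    for p in outstanding_patches(SAMPLE_CSV):
        flag = "NOT APPROVED" if p["blocked"] else "deployable"
        print(f'{p["kb"]}  {p["severity"]:<9}  missing on {p["missing"]:>3}  {flag}')
```

To run it against a real export, pass the file's text to `outstanding_patches()` and adjust the assumed column and status names to match the file.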