Get a Quote or Download Free Trial
Patch Manager Plus Overview
Extensive support to 250+ third party applications patching
- Stay 100% secure by defending against vulnerabilities in your 3rd party applications.
- Large repository of patches for common applications such as Adobe, Java, WinRAR and more.
- Make use of pre-built, tested, ready-to-deploy packages.
Gain complete visibility and control over your patching
- Patch compliance made easy with advanced analytics and audits.
- Insightful patch management reports to help track your patching.
- Customisable deployment policies to meet your business needs.
Patch management metrics measure the progress of the patching process and provide insight into how to improve your enterprise security. Being able to measure how well your patch strategies and deployment policies are working helps decide what patches to abandon and what to double down on.
With continuous patching metrics and network monitoring, Patch Manager Plus can help find all missing patches and vulnerable systems on your network and provide the information needed to make your patch management program successful. Patch Manager Plus provides real-time patch management metrics such as:
- Patch status dashboards
- Patch compliance audits
- Patch management reports
Features (Windows Patching, Linux, MacOS Updates)
Patch Manager Plus offers all of the following critical requirements that IT organizations should consider while choosing the right patch management solution for them:
- Cross-platform support to patch across all major device operating systems - Windows, Mac and Linux.
- Supports patching heterogeneous endpoints such as laptops, desktops, servers, roaming users and virtual machines.
- Seamless deployment of patches to 250+ third party applications such as Adobe applications, Java and WinRAR.
- Easy to use patch management tool with an interactive web-based interface and support documents to help users at every step.
- Affordable enterprise scalability to meet your needs whether you're deploying patches around a specific case, specific department or your entire enterprise.
- Completely automate patching process and save IT staff time and resources.
- Rollback feature is made easy by uninstalling already installed patches. If any problems emerge after the distribution, they can be eliminated quickly.
- Dynamic reporting shows you all the details of patch status and compliance across your organization.
Windows 10 feature update deployment
Microsoft adopted a servicing model with Windows 10 by releasing major OS upgrades, under the label "feature update", twice per year. However, deploying them gets tricky. Since the update size is considerably large, it often leads to huge bandwidth consumption and prolonged installation. It gets much worse if the number of computers to be managed is in the thousands, which makes a patch management tool the need of the hour.
An effective patch management tool should meet a few key requirements:
- Able to deploy updates from a centralized interface
- Schedule updates to a convenient time
- Test the stability of updates prior to deployment
- Automate repetitive tasks
Patch Manager Plus seamlessly handles all the above mentioned aspects in a streamlined manner. Deploying Windows 10 feature update with Patch Manager Plus is as easy as deploying any other Windows update.
Frequently Asked Questions
- If Microsoft "pulls" a bad patch, in the new distributed model, how can Patch Manager Plus remove it?
It is recommended to use the "Test and Approve" feature, which can test the patches on a lab machine and then approve them automatically before deployment. We also have a patch removal/roll back option, which can be used to handle these situations.
- Can I schedule a reboot for a specific time after patches are installed? For servers as well as desktops?
We do not have an option to schedule the reboot, however, you can customize the deployment to a specific time interval and configure a reboot to meet your requirement.
- Is there a way to be alerted about when zero day patches become available to download so we can ensure to get those pushed instead of having to wait for the scheduled policy?
You can create a separate "Deployment Policy" for such requirements and get them deployed automatically.
- How often should the patch scan be run, is there a manual setting?
It depends on the number of computers. Usually in an enterprise, it is done at least once in a week using Automated Patch Deployment (APD) task.
- Should the computer need to be connected to admin account, for getting the patches deployed? Or can it be regular user account?
Managed computers can use a regular user account; since the agent runs under the system account, it has the privilege to install the patches.
- How to specify languages for patches?
Patch Manager Plus will automatically detect the language based on the operating system.
- What will happen when the patches are installing and the user accidentally turns off the computer?
Patch Manager Plus will retry installing the patch during the subsequent deployment window and the installation status will be updated.
- I didn't catch the part about, patch approval. Is there a way to automatically approve patches or you have to approve the patch manually?
It is about testing the patches before deployment. You can choose to approve the patches automatically or manually. We also have the feasibility to test the patches before approving them automatically. The tested patches can be approved automatically after specified number of days if no failures found. Alternatively, you can manually approve it based on the result.
- The patch management solution that we are using currently tells us what we need to download and then we manually download the patches. After the patches are deployed we can remove the downloaded patches which we no longer need. But this is manually done. How does Patch Manager Plus handle this requirement?
Patch Manager Plus will allow you to automate the complete process. You can create an APD task, which will automatically scan computers, detect missing patches, download the required patches and deploy them to the target computers. You can configure "Patch Clean up settings" to automatically delete the unwanted patches.
- Can you limit patches to just laptops or desktops?
Yes, you can. You can target machines based on system type such as laptops and desktops. You can also create a custom group with system type as criteria.
- Do we have the feasibility to split the scan & download from the patch deployment?
You can create separate APD tasks for scanning and downloading the patches. You will find four different options: scan, download, draft and deploy. You can choose any of them based on your requirement.
- When there are patches in "yet to apply" status, is there a way to get notified about the patches, after deployment/failure?
You can configure notification settings for the APD task, which can send you the status report multiple times based on the different statuses, including scanning, downloading and deployment of patches. Yes, Patch Manager Plus supports them.
- When you initiate patch scanning, does it start scanning all the computers at a same time or does it scan them incrementally?
Scanning will be initiated incrementally in order to avoid bandwidth bottlenecks.
- Can we make single store for all MAC patches?
Patch Manager Plus maintains a single patch store for all the patches, including Windows, Mac, Linux and 3rd party patches. You can customize it from Patch Mgmt -> Downloaded Patches -> Settings -> Download Settings.
- Is it possible to schedule the patches to be installed and then the computer rebooted and then shut down after the reboot?
Deployment Policy can be used to schedule the patch and reboot/shutdown. However, if you want to shut down after reboot, you can use the remote shutdown/reboot tool to perform this operation.
- Before I start creating a configuration for patching, should I be running a Vulnerability Database update? Once I update it, should I click "Sync Now" or should I run a "Scan Systems" and then sync?
Patch database will be synchronized automatically as per built-in-scheduler Patch Mgmt -> Patch Database Settings -> Enable Schedule. You can verify the latest sync time from, Patch Mgmt -> Update Vulnerability DB -> last updated time. However, you can sync it manually, using “sync now” option.
- Right now we use WSUS for MS patches. What is the best way to switch over to Patch Manager Plus?
You can disable auto-updates from WSUS and install Patch Manager Plus agent on the computers to be managed, scan the computers and start deploying the patches.
- I need to deploy the newest Mozilla updates to certain computers but exclude some, how do I do this?
You can create a custom group with the computers which you wanted to exclude. Decline the application from, Patch Mgmt -> Decline Patch -> Decline Patch for Group -> specify the application.
- How would I automatically download and deploy the latest flash updates as they are released?
You should configure “Automated Patch Deployment Task” and ensure that the schedule is run every day to keep your computers up-to-date.
- How to ensure the individual computers do not download patches from the internet? I do not want any 3rd party application in our organization to take the updates from the internet?
You can see the “Installed Time”, against the patch, if it is installed using Patch Manager Plus. If you do not find the “Installed Time”, then it could be patched using automatic updates. In such cases, you will have to disable auto-updates from, Configurations -> Script Repository ->Templates tab -> Search for AutomaticUpdates.exe -> add to repository. Create a configuration, select the target computers and deploy it.
- Will there be a feature to pull local logs of failed deployments from the Patch Manager Plus site?
Yes, you can pull local agent logs from remote computers and upload it to support for analysis from, Support -> Create Support File.
- Is the ability to create a test group of several computers and giving them patches before they are made available to all the computers in company?
You can create a custom group and test the patches before deploying them to all computers in the company. Ability to "Test and deploy" patches, will be available at the end of this quarter.
- How to setup automatic deployment of JRE to the latest release. It seems that computers that have JRE 1.7 are not flagged to receive JRE 1.8 automatically.
JRE update from 1.7 to 1.8 is considered as an upgrade and not as an update, which means, both the versions can co-exist. You can use software deployment to install JRE 1.8 and uninstall JRE 1.7.
- Is there a way to configure the lists of computers, etc., permanently display more than 25 at a time?
You can customize the count of computers, displayed. The changes you make will persist only for the technician and the view.
- If I want to schedule patches to run in the next 20 minutes, is there a way to force the Patch Manager Plus agent on client machines to talk to the server, thus getting that task quicker than the 90 minute policy refresh? (Example - McAfee anti-virus has a feature called "wake up agent" that tells the agent to pull down fresh
You can achieve this by using “deploy immediately option”, whenever you deploy a patch configuration. This will wake up the target computer on-demand, to perform the task initiated by Patch Manager Plus.
- When viewing the results of an "Automate Patch Deployment", is there a way to see the history of what patches were installed by previous runs of this task?
You can view the status of the “Automate Patch Deployment Task” from, Patch Mgmt -> Automated Patch Deployment Tasks. You can also generate reports of these tasks and schedule it.
- Does "Service Packs" include the new Windows 10 "Builds”. In my environment, I have some Windows 10 machines on build 10240 and some on 10586. How can I update those machines on build 10240 to build 10568?
Yes, this can be achieved using software deployment.
- I do not see where I can push Anti-virus definitions using Patch Manager Plus.
Yes, you can deploy definition updates using Patch Manager Plus from, Patch Mgmt -> Automate Patch Deployment -> Schedule Anti-Virus Task
- Java updates -- is it possible to allow update for compatibility with app X and preserve legacy version for compatibility with app Y or app Z?
You can create a dynamic custom group and choose to decline the patches for the specific application like JRE. By doing this, you can maintain multiple versions of the JRE in your network.
- I have the patches set to automatically deploy how can I check the deployment since it is not making a configuration deployment?
Automated patch tasks are not regular configurations. You can view the status of the "Automate Patch Deployment Task -> System View". You can also configure notification settings, Patch Mgmt -> Automate Patch Deployment -> Notification Settings, to receive email updates whenever there is any change in the status of the task.
- How do you make a separate policy that is specifically for server OSs and does not automatically restart the server?
This can be achieved by configuring the deployment policy and excluding servers from reboot, Patch Mgmt -> Deployment Policies -> Create Deployment Policy ->Deployment Window -> Reboot Policy -> Exclude Servers from Reboot
- We currently use McAfee encryption on some of our devices. We are trying to figure out how to continue auto deployment after hours once everything is encrypted. Does Patch Manager Plus have a method of handling this?
This can be achieved by configuring the deployment to happen after the encryption time window. You can configure it from, Patch Mgmt -> Deployment Policies -> Create Deployment Policy -> Deployment Window
- I want to patch computers which are not live. How does "wake-up & deploy" work?
You can wake up the computers and deploy the patches by configuring, Patch Mgmt -> Deployment Policies -> Create Deployment Policy -> Turn on computers before deployment.
- Under all patches, I don't have "filter" option, decline patch option is shown , install patch, download patches, decline patch are the only options. there is no "mark as option" Nor "filter". How do I approve patches?
The “Mark As” option will be available only when you choose to approve patches manually, Patch Mgmt -> Settings -> Approval settings -> Approve Patches -> Manually. If you have chosen to approve all patches automatically, all the patches will be marked as approved by default.
- How come I have not seen updates for Windows 10 or MS 2016?
Both Windows 10 and Microsoft Office 2016 are supported by Patch Manager Plus. You should ensure that your Patch Database is successfully synchronized in the recent past. Verify it from, Patch Mgmt -> Update Vulnerability DB -> Last update time
- Can I use Patch Manager Plus to manage 3rd Party applications?
Yes, Patch Manager Plus supports managing 3rd party applications.
- Can I create a report for systems that need patches older than 30 days?
You can create a report from Patch Mgmt -> All Patches -> Missing Patches Tab -> Computer View and create a filter based on the “Release Date”.
- What is the timeline for adding McAfee antivirus to virus mgt section?
You can use the File Folder operations configuration, Software deployment, custom script configuration to update the definition updates and engine upgrades. We are also looking into the possibility to include this to Patch Management section.
- Can you install the Patch Manager Plus server in the cloud and have remote clients grab updates from that server to conserve bandwidth at the home office?
It is currently not available in cloud. However, we are looking at cloud based solution.
- Is it possible to set patch deployment Policy schedule to run every 3rd Sunday of the month?
Yes, when you create an APD task, under scheduler select Monthly option and choose 3rd Sunday
- Why are dynamic custom groups not always available?
Dynamic custom groups are evaluated on the client side during deployment based on the criteria you have defined.
- In previous versions of DC, when selecting targeting computers under "Define Target" to install software/ patches you were able to see a list of all computers and check mark each device. Now it seems as if you select "computers" you have to type each device's computer name. Is there a way to have the previous layout?
The new UI is developed based on the usage. When you have more number of computers, you can move it to a group or an OU and add them as target
- Can you disable windows automatic updates?
Yes, under Patch Mgmt->Disable Automatic Updates, choose templates and disable
- If I want to scan computer for missing patches during the day to approve the patches for deployment overnight, how would I schedule that?
You might need to create 2 separate APD tasks as below to achieve this:
  • Create the first task to just scan the computers and schedule this at 10 AM. This will complete by 12 noon and you will get the list of missing patches, which you can choose and approve.
  • Create a second task scheduled to run at 3 PM (assuming that you would approve the patches by then). For this task, define a Deployment policy with:
    o Deployment Window with start and end times as required, say start at 8 PM
    o Select this option “Download Patches/Software during subsequent Refresh Cycle”
The second task will start at 3 PM and scan the computers again and download the necessary patches to the agents. Assuming that all the target computers are up, this will complete and keep things ready for deployment by 6 PM. The deployment will begin at the scheduled deployment window, 8 PM.
- We currently have a large number of Laptops which need to be updated. These laptops are rarely connected to the domain, and when they are it is via a VPN. How do we push patches to these laptops without impacting user experience or poking holes in our firewall?
When these computers connect to the network via VPN, the deployment will be initiated during the next refresh cycle (90 minutes)
- Patch Manager Plus now patches Linux?
Yes, Ubuntu flavors are supported. The update will be made available by next month for existing users
- Are all patches released by Microsoft available for patching via Patch Manager Plus?
Yes, almost all patches that have a download URL will be supported.
- What is the average turn around for patches to be updated by you guys. For instance the latest flash patch took until the next day to come out.
We usually support within 24 hours
- How do you select which categories of Windows updates are included? Specifically, we cannot find KB3102467 in our Patch Manager Plus database.
This is a feature pack; it is not supported in patch. You can use Software Templates -> search for Microsoft .NET Framework 4.6.1, create a package and deploy it.
- How much disk space does a Distribution Server need to have to cache patches?
It depends on the number of systems and patches that are maintained, maybe up to 1 GB. It is recommended to configure patch cleanup settings to remove older patches automatically. This will also clean up the distribution server.
- If you do the cleanup and then put a newer machine and it needs an older patch what will happen?
It will automatically be downloaded and installed
- How do I know which updates to run and the order to run them?
Patch interdependencies and sequencing will automatically be taken care of by Patch Manager Plus.
- In the architecture, what is the cache server? it is the Distribution server?
Yes, it is the Distribution Server
- After the initial agent deployment, will patch management scan subnets for new machines that do not have the agent going forward?
No, agent should be deployed prior to scanning. You can define SoM Sync Policy to automatically identify new computers added to Active Directory and install agents on them.
- Can you deploy as administrator?
No, this is not possible
- Can you send a process on how to disable windows 10 creep update for Windows 7 computers?
Under Configuration Templates, we have a template to disable windows10 creep update (Disable Windows 10 Notification.)
- Can one distribution Server support multiple remote offices?
Yes, it is technically possible if all the remote offices use the same agent and if all the remote office computers can reach the Distribution Server.
- Is it possible to deploy patches to specific computers?
Yes, the ideal way to do this is go to the All Systems View, select the computer and install all missing patches to this computer.
- Can DC support updating of iTunes app on a Mac OS?
No, this is not feasible as download URL to this update is not publicly available
- If the distribution server is stopped, will the client be able to communicate with the main server?
Yes, the agents will contact the server to post the failure messages. But no deployment will happen.
Below is the list of supported devices for Driver and BIOS updates.
Driver updates are currently supported in:
Desktop Central from build version 10.0.423.
Patch Manager Plus from build version 10.0.545. (Also supported in cloud edition)
Dell Laptop BIOS'