Skip to main content

Patch Management

How are missing patches fetched for the devices?

A: The missing patches are fetched by updating the Patch database either manually or based on a defined schedule.

How often is the patch database updated with new patches?

A: The patch database is synchronized and updated daily at the scheduled time. Additionally, you can manually update the patch database from the Patch Administration > Patch Repository page.

Can I select the types of patches to install?

A: Yes, you can select the category, OS, and third-party applications whose patches you want to install.

Do you have a list of supported patches?

A: Yes, you can get the list using this link.

Can I schedule a reboot after patches are installed?

A: No; however, in a Deployment Management > Deployment Policies, you can configure when to reboot machines (i.e., System Startup or On Next Scan Cycle). Additionally, you can postpone or delay the reboot according to a schedule.

Can I receive regular notifications about patches?

A: Yes, you can set up regular notifications for patches. To do this, go to Admin > Patch Administration > Deployment Notification tab and set your preferred deployment notification frequency in hours.

How can I decline the deployment of certain patches?

A: You can decline certain patches by creating a patch decline policy, which excludes specific patches from being deployed to selected computers and operating systems. You can create the policy from the Admin > Patch Management > Patch Administration > Patch Control > Decline Policy tab.

Can I limit the number of records appearing on a single page?

A: Yes, you can view 10, 25, and 50 records per page. You can set the number of pages from the 'Page' dropdown menu in the bottom-left corner.

Can I manage third-party application patches?

A: Yes, Motadata ServiceOps supports patch management for third-party applications, such as Firefox, Google Chrome, Adobe Acrobat DC, Adobe Acrobat Reader DC, and Adobe Acrobat Reader DC MUI.

Can I deploy patches to selected computers?

A: Yes. When creating a patch deployment, you can select the missing patches and the target computers for deployment.

Can I get a list of missing, applicable and declined patches?

A: Yes, using Out-Of-the-Box (OOB) reports, you can get a list of missing, applicable, and declined patches.

What are the different types of Patch Approvals?

A: There are three types of approvals:

  • Pre-Approved: As the name suggests, all the incoming patches (both new and missing)—are pre-approved by default. A user can manually change the Approval status of a patch to Reject or Approved. The Automatic Patch Test does not function with this selection. This selection applies to incoming future patches but does not affect already existing patches in the product.

    note

    By default, Definition Updates patches will always be pre-approved.

  • Manually Approve: All new incoming patches have a 'Not Approved' status by default. A user has to change the status manually to either Approved or Reject.

  • Test and Approve: You need to manually set the status. Also, you can create a Test Task. Once enabled, select the time when the patch is to be tested and approved. A Test Task (also known as Automatic Patch Test) deploys a selected set of patches to a specific set of computers. If deployment is successful on all computers, the patches are auto-approved after a set number of days. The Test Task functionality is exclusively available in this setting.

How does patch management ensure integrity and authenticity of patches for RedHat and CentOS systems?

A: ServiceOps Patch Management ensures integrity and authenticity of patches by following a process that includes the following steps:

  • Downloading the Patch from the official source.
  • Generating a checksum using the SHA-256 algorithm.
  • Comparing the generated checksum with the checksum provided by Red Hat or CentOS. If the checksums match, the file is authentic. If they do not match, the patch should not be applied. This process ensures that only verified and trusted patches are applied to the systems, maintaining their integrity and security.
Where will I find the installed patches?

A: To view the installed patches, use the DISM or SystemInfo command-line options.

DISM

  • Run the following command to get all the information about each hotfix installed on your computer.

    wmic qfe list full

  • You can also format the output as a table so that it is easy to read and comprehend.

    wmic qfe list full /format:table

  • If full information is not required, you can use the following command to get the summary:

    wmic qfe list brief

  • If you want to find a specific hotfix, run the following command:

    wmic qfe list brief | find “KB4495667”

  • To save the complete output in a file, run the following command:

    wmic qfe list full /format:table > C:\Users\Usman\Desktop\WindowsUpdatesReport.html

SystemInfo

  • If you only want a list of KnowledgeBase update numbers, you can open the command prompt and run the below command.

    systeminfo | find “KB”