Version: 8.4.X

Patch Management

How are missing patches fetched for the devices?

A: The missing patches are fetched by updating the Patch database either manually or based on schedule.

How often is the patch database updated with new patches?

A: The patch database is synchronized and updated daily at the scheduled time. Additionally, you can update the patch database manually from the Patch Settings.

Can I select the types of patches to install?

A: Yes, you can select the category, OS, and third-party applications whose patches you want to install.

Do you have a list of supported patches?

A: Yes, you can get the list using this link.

Can I schedule a reboot after patches are installed?

A: No. However, in the Deployment Policy you can configure when the machines reboot, i.e., at System Startup or On Next Scan Cycle. You can also postpone or delay the reboot according to a schedule.

Can I receive regular notifications about patches?

A: Yes, you can set up regular notifications for patches. To do this, go to Admin > Patch Settings > Deployment Notification tab and set the deployment notification frequency to your preferred interval in hours.

How can I decline the deployment of certain patches?

A: You can decline certain patches by creating a patch decline policy, which excludes specific patches from being deployed to selected computers and operating systems. You can create the policy from Admin > Patch Management > Decline Patches page.

Can I limit the number of records appearing on a single page?

A: Yes, you can view 10, 25, and 50 records per page. You can set the number of pages from the Page dropdown at the bottom-left corner.

Can I manage third-party application patches?

A: Yes, Motadata ServiceOps supports patch management for third-party applications, like Firefox, Google Chrome, Adobe Acrobat DC, Adobe Acrobat Reader DC, and Adobe Acrobat Reader DC MUI.

Can I deploy patches to selected computers?

A: Yes. While creating a patch deployment, you can select the missing patches and the computers on which they should be deployed.

Can I get a list of missing, applicable and declined patches?

A: Yes, using OOB reports you can get the list of missing, applicable and declined patches.

What are the different types of Patch Approvals?

A: There are three types of approvals:

  • Pre-Approved: As the name suggests, all incoming patches (both new and missing) are pre-approved by default. A user can manually change the Approval status of a patch to Reject or Approved. The Automatic Patch Test does not work with this selection. This selection applies only to future incoming patches; it has no effect on patches that already exist in the product.

    Note: By default, the Definition Updates Patches will always be pre-approved.

  • Manually Approve: All new incoming patches have the Approval status Not Approved by default. A user has to change the status manually to either Approved or Reject.

  • Test and Approve: You need to manually set the status. Also, you can create a Test Task. Once enabled, select the Time when the patch is to be tested and approved. A Test Task, also known as Automatic Patch Test, deploys a selected set of patches to a specific set of computers. If deployment is successful in all the computers, the patches are auto-approved after a set number of days. Test Task only works in this setting.

How does patch management ensure integrity and authenticity of patches for RedHat and CentOS systems?

A: ServiceOps Patch Management ensures integrity and authenticity of patches by following a process which includes the following steps:

  • Downloading the Patch from the official source.
  • Generating a checksum using the SHA-256 algorithm.
  • Comparing the generated checksum with the one provided by Red Hat or CentOS. If the checksums match, the file is authentic. If they do not match, the patch should not be applied. This process ensures that only verified and trusted patches are applied to the systems, maintaining their integrity and security.
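The three steps above can be reproduced by hand with the shell sketch below. It is an added example, not ServiceOps code: the function names `expected_sha256` and `verify_patch`, the file `sample-patch.rpm` and its manifest are constructed for illustration, and it assumes the checksum manifest itself was obtained from the vendor over a trusted channel.

```shell
#!/bin/sh
# Added example (not ServiceOps code). Assumption: the manifest itself came
# from the vendor over a trusted channel; file names contain no spaces.

# expected_sha256 MANIFEST NAME -> prints the digest listed for NAME.
# Accepts GNU ("<hex>  name") and BSD ("SHA256 (name) = <hex>") lines.
expected_sha256() {
  awk -v f="$2" '
    $1 == "SHA256" && $2 == ("(" f ")") && $3 == "=" { print tolower($4); ok = 1; exit }
    NF == 2 && ($2 == f || $2 == ("*" f))            { print tolower($1); ok = 1; exit }
    END { exit !ok }' "$1"
}

# verify_patch MANIFEST FILE
# Returns 0 on match, 1 on mismatch, 2 if the file or a usable entry is missing.
verify_patch() {
  [ -f "$2" ] || { echo "missing file: $2" >&2; return 2; }
  vp_want=$(expected_sha256 "$1" "$(basename "$2")") || {
    echo "no manifest entry for $2" >&2; return 2; }
  # A SHA-256 digest is exactly 64 hex characters; reject anything else.
  case $vp_want in *[!0-9a-f]*) return 2 ;; esac
  [ "${#vp_want}" -eq 64 ] || return 2
  vp_got=$(sha256sum "$2" | awk '{print $1}')
  if [ "$vp_got" = "$vp_want" ]; then echo "OK: $2"; return 0; fi
  echo "MISMATCH: $2 (do not apply)" >&2
  return 1
}

# Demo on constructed data: a stand-in "patch" and a manifest built for it.
demo_dir=$(mktemp -d)
printf 'constructed patch payload\n' > "$demo_dir/sample-patch.rpm"
( cd "$demo_dir" && sha256sum sample-patch.rpm > CHECKSUM )
verify_patch "$demo_dir/CHECKSUM" "$demo_dir/sample-patch.rpm"
# Modify the file after the manifest was written: verification must now fail.
printf 'tampered\n' >> "$demo_dir/sample-patch.rpm"
verify_patch "$demo_dir/CHECKSUM" "$demo_dir/sample-patch.rpm" || echo "blocked, exit $?"
rm -rf "$demo_dir"
```

On Red Hat and CentOS, `rpm -K <package>` additionally checks the package's digests and GPG signature against the keys imported into the RPM database.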

Where will I find the installed patches?

A: To view the installed patches, use the DISM/SystemInfo command-line options:

DISM

  • Run the following command to get all the information about each hotfix installed on your computer.

    wmic qfe list full

  • You can also format the output as a table so that it is easy to read and comprehend.

    wmic qfe list full /format:table

  • If full information is not required, you can use the following command to get the summary:

    wmic qfe list brief

  • If you want to find a specific hotfix, run the following command:

    wmic qfe list brief | find "KB4495667"

  • To save the complete output in a file, run the following command:

    wmic qfe list full /format:table > C:\Users\Usman\Desktop\WindowsUpdatesReport.html

SystemInfo

  • If you only want a list of KnowledgeBase update numbers, you can open the command prompt and run the command below.

    systeminfo | find "KB"