
We are missing some critical patches from the previous month, and upon checking the Automox console I do see some systems didn't get the patch applied as expected.

Is there a way to identify the systems with missing KBs and then apply that to them?

Hi Curioustoknow,

Take the KB number and head to the Software page. Do a search for the KB in question and, if applicable, you will see a quantity in the ‘Impacted’ column. Click on the quantity of endpoints to review if needed. When you are ready, go back to the Software page and click ‘Action>Patch Now’, which will deploy the update in question on all the Impacted devices at the same time. If the update requires a restart, endpoints will not auto-restart. They will be put in a Reboot Required state and should be rebooted as soon as possible afterwards.


I have 100+ devices to do this on. Is there an automatic way to do it?


A Patch Only policy will do this for you automatically. Type something like ‘KB777 TEMP/Emergency’, target the package in question, schedule it for a few minutes/hours out and then ensure ‘Automatic Restart’ is enabled.

Once you build the policy, scan all your endpoints so they can check policy compliance. The update will auto-deploy as scheduled followed by a restart.

Make sure the notifications are configured in such a way they won’t delay the patch from going out (recommend off, but make sure that is the best option for the situation in your case).


Is the system smart enough that if the system is off but turned on the next day or two later, it will still receive the patch?


Hi @curioustoknow!

If you have this option enabled on your policy, it will ensure that the device receives the patch the next time it comes online:

 


A manual deployment (from the Software page) will only deploy out to devices that are online at the time. That is one of the benefits of the policy (as John highlighted) over manual deployments.


When I go to the activity log report, I don't see any logs for this newly created patch policy.

