Patch Approval Actions

After running a scan, Patch Management for Windows reports back the device's patch status.

To allow full control over whether these patches are deployed, you can set up the auto-approval action based on patch classification in the Patch Management Feature Policy. Configure actions for specific Patches down to the site level in the Management Workflow dialog, or choose what to do with individual patches on a device in the device's Manage Patches on Individual Devices through the Patches tab tab.

By default, devices inherit their settings from the Site, which, in turn, inherits the policy of the Client, which inherits the policy for all servers or workstations. When configuring a child (Device, Site or Client) this setting takes precedence over the parent's configuration.

Approval Setting Description
Approve Sets the patch as 'approved' for installation during next scheduled remediation run
Ignore Sets the patch as 'ignored', preventing it from installing in future remediation runs. As long as the patch remains in an 'ignored' state
Do Nothing Sets the patch to NOT have any Patch Approval Action apply to it. The patch status will instead reflect what is set in the applied Feature Policy.