View Patch Information including Reports

After Patch Management for Windows is enabled for the selection, the Agent downloads the Patch Management for Windows installation package (through the Site Concentrator if available) and silently deploys the software.

It may take up to two 24x7 monitoring cycles for the feature to activate. Once active on the device, it automatically runs a Patch Status Scan and reports any discovered missing patches back to the Dashboard.

The Patch Status Scan automatically runs once per day at the same time as the Daily Safety Checks, based on an Installation Schedule or after a remediation action.

The scan may also be triggered as required directly from the Dashboard via Re-run Patch Scan.

Patch Management for Windows runs a Patch Status Scan after 8 days to ensure the patch list is up-to-date. Previously, this scan ran every 3 days. However, if the Patch schedule was set to run only weekly, the Patch Status Scan did not take that into account: it ran after 3 days, concluded the patch list was out of date and failed the check. This in turn generated multiple unnecessary failed Patch Status Scan checks.

Checks Tab - Patch Status Check

The scan results are displayed against the Patch Status Check, accessible from the device's Checks tab on the Dashboard.

The Check's More Information link contains a summary of the results from the last time the Check ran. Click the link for detailed information, including the Last Scan run time along with the vulnerabilities and missing patches that were identified.

Patches Tab

Information on the installed and available patches is retrieved by Patch Management for Windows, uploaded to the Dashboard and displayed in the device's Patches tab.  

All patches display their current installation state along with their Severity, Classification, Patch Name, Product, Date Installed, and whether they are Installable or Uninstallable.

Date Installed: The displayed installation date is that detected by Patch Management for Windows, and reflects installations by any method, not just those patches installed by Patch Management for Windows.

Patch Installation States

State            Description
Missing          A patch available for the device and awaiting approval for installation
Pending          Patch was approved and awaiting manual or scheduled installation
Installing       Patch currently installing
Installed        Patch successfully installed. The Date Installed is populated where the patch was deployed via Patch Management
Failed           Patch installation unsuccessful. On a small number of occasions an unreported reboot may be required to complete an installation.
Ignored          Patch available for the device, but marked as Ignored. Ignored patches are not listed as missing in future Patch Checks on this server or workstation.
Reboot Required  Patch installed but requires a reboot to complete the installation process

Installable and Uninstallable

The majority of patches detected by Patch Management for Windows are programmatically deployable. However, some families of patches are not installable via automated means. The Installable column indicates whether a patch can be installed by Patch Management (Installable = Yes) or whether manual intervention is required to install the patch (Installable = No).

Some Microsoft patches support a rollback option; this is indicated under the Uninstallable column.

Patch Information

Double-click a patch in the South-pane to view detailed information (where available):

Section                                      Description
General                                      Patch Name | Status | Vendor | Product | More Information (link to vendor site)
Details                                      Classification | Severity | Bulletin ID | Release Date | Major Version | Installable | Uninstallable
Last Installation Failure (where available)  Occurrence | Status | Reason
Across this Client                           Devices where this patch is missing | Devices where this patch is installed | Devices where this patch is ignored

Information on these actions is available in the Patches tab - Manage Patches on individual Devices.

Dashboard North-pane: Patches Pending Column

To display targeted and relevant information, you can choose the columns displayed in the Dashboard North-pane. To highlight those devices where a patch is currently in the pending state, you can include the Patches Pending column.

  1. Click on the Columns drop-down above the Dashboard's North-pane
  2. Tick to include or untick to remove the Patches Pending column

Dashboard Reports

Patch Management Overview Report

The Patch Management Overview Report is available as HTML, CSV or XML and lists the name and installation status of all discovered patches across the devices of the selected Client(s).
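
The following is an added example, not part of the product documentation: it turns a CSV export of the report into a work list using the Patch Installation States and the Installable column described above. The column names, severity values and sample rows are assumptions constructed for illustration; match them to the header row of a real export.

```python
import csv
import io

# Constructed sample export; column names are assumed, not taken from the product.
SAMPLE_CSV = """Device,Patch Name,Status,Severity,Installable
WS-01,Constructed Update A,Missing,Critical,Yes
WS-01,Constructed Update B,Installed,Important,Yes
WS-02,Constructed Update A,Failed,Critical,Yes
WS-02,Constructed Driver C,Missing,Moderate,No
SRV-01,Constructed Update D,Reboot Required,Important,Yes
SRV-01,Constructed Update E,Ignored,Critical,Yes
SRV-01,Constructed Update F,Pending,Low,Yes
"""

# States that need a decision from an operator. Ignored is included because
# ignored patches are no longer listed as missing in future Patch Checks.
NEXT_STEP = {
    "Missing": "approve for installation",
    "Failed": "check failure reason; reboot and re-scan",
    "Reboot Required": "schedule reboot",
    "Ignored": "review: hidden from future Patch Checks",
}
# Assumed severity labels, most urgent first; unknown labels sort last.
SEVERITY_ORDER = ["Critical", "Important", "Moderate", "Low"]


def severity_rank(name):
    if name in SEVERITY_ORDER:
        return SEVERITY_ORDER.index(name)
    return len(SEVERITY_ORDER)


def triage(csv_text):
    """Return (device, patch, state, severity, step) tuples, worst severity first."""
    items = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        state = row["Status"].strip()
        if state not in NEXT_STEP:
            continue  # Installed, Pending and Installing need no action here
        step = NEXT_STEP[state]
        # Installable = No means Patch Management cannot deploy the patch itself.
        if state == "Missing" and row["Installable"].strip().lower() == "no":
            step = "install manually (Installable = No)"
        items.append((row["Device"], row["Patch Name"], state, row["Severity"], step))
    items.sort(key=lambda i: (severity_rank(i[3]), i[0], i[1]))
    return items


if __name__ == "__main__":
    for item in triage(SAMPLE_CSV):
        print(" | ".join(item))
```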

Patch Failure Report

The Patch Failure Report tracks all patch failures, even those where the installation was eventually successful, to help identify typically problematic patches.

Client-facing Reports

Client Daily and Weekly Reports

The Patch Status Check results are included in the Client Daily Report and Client Weekly Report alongside the other Daily Safety Checks.

Use Report Mode to ensure the Patch Status Check always passes, even when missing patches or vulnerabilities are identified.

Client Monthly Report

The option to include a list of missing and installed patches for the last calendar month along with their install date (if deployed by Patch Management) is available for the Client Monthly Report and is configurable for all or specific clients (override content).

Including this information demonstrates just how hard your team is working on the Client's behalf to keep their systems up-to-date and disruption to a minimum.

In the Client Monthly Report, Missing patches cannot be included without also including Installed patches.