View Patch Information including Reports

Once Patch Management is enabled for the selection, the Advanced Monitoring Agent downloads the Patch Management installation package (through the Site Concentrator if available) and silently deploys the software.

It may take up to two 24x7 monitoring cycles for the feature to activate and once active on the device, it will automatically run a Patch Status Scan and report back any discovered missing patches to the Dashboard.

Depending on the installed Windows Monitoring Agent version, the Patch Status Scan automatically runs once per day at the same time as the Daily Safety Checks, based on an Installation Schedule where Agent 10.2.0 or later is installed or after a remediation action.

Additionally, the scan may also be triggered as required directly from the Dashboard via Re-run Patch Scan.

PME now runs a Patch Status Scan after 8 days to ensure the patch list is up-to-date. Previously, this scan ran every 3 days, however if the Patch schedule was only set to run weekly, the Patch Status Scan would not take that into account and run after 3 days, and conclude the patch list was out of date and fail the check. This in turn generated multiple failed Patch Status Scan checks unnecessarily.

Checks Tab - Patch Status Check

The scan results are displayed against the Patch Status Check, accessible from the device's Checks tab on the Dashboard.

The Check's More Information link contains a summary of the results the last time the Check ran, click the link for detailed information in including the Last Scan run time along with the vulnerabilities and missing patches that were identified.

Patches Tab

Information on the installed and available patches is retrieved by Patch Management, uploaded to the Dashboard and displayed in the device's Patches tab.  

All patches display their current installation state along with their Severity, Patch Name, Product, Date Installed, and whether they are Installable or Uninstallable.

Date Installed: The displayed installation date is that detected by Patch Management, and reflects installations by any method, not just those patches installed by Patch Management.

Patch Installation States



A patch available for the device and awaiting approval for installation



Patch was approved and awaiting manual or scheduled installation



Patch currently installing



Patch successfully installed. The Date Installed is populated where the patch was deployed via Patch Management



Patch installation unsuccessful On a small number of occasions an unreported reboot may be required to complete an installation.



Patch available for the device, but marked as Ignored. Ignored patches are not listed as missing in future Patch Checks on this server or workstation.


Reboot Required

Patch installed but requires a reboot to complete the installation process

Installable and Uninstallable

The majority of patches detected by Patch Management are programmatically deployable, however there are some families of patches that are not installable via automated means. The Installable column is used to indicate whether a patch can be installed by Patch Management (Installable = Yes) or whether manual intervention is required to install the patch (Installable = No).

Some Microsoft patches support a rollback option with this indicated under the Uninstallable. This uninstall option is supported from Windows Monitoring Agent 10.2.0.

Patch Information

Double-click on a patch in the south panel to view detailed information (where available):




Patch Name | Status | Vendor | Product | More Information (link to vendor site)


Type | Severity | Bulletin ID | Release Date | Major Version | Installable | Uninstallable

Last Installation Failure (where available)

Occurrence | Status | Reason

Across this Client

Devices where this patch is missing | Devices where this patch is installed | Devices where this patch is ignored

The Last Installation Failure details and Uninstall option (where the Patch is Uninstallable) are only available for devices running Advanced Monitoring Agent 10.2.0 or later.

In addition to displaying details on the patch, this dialog also includes action options to specify how the patch is handled on the device. Choose from: Approve | Ignore | Do Nothing.

Information on these actions is available in the Patches tab - Manage Patches on individual Devices


Dashboard north pane: Patches Pending Column

To display targeted and relevant information, you can choose the columns displayed in the Dashboard north pane. To highlight those devices where a patch is currently in the pending state, you can include the Patches Pending column.

  1. Click on the Columns drop-down above the Dashboard's north pane
  2. Tick to include or untick to remove thePatches Pending column

Dashboard Reports

Patch Management Overview Report

The Patch Management Overview Report is available as HTML, CSV or XML and lists the name and installation status of all discovered patches across the selected Client(s) devices.

Patch Failure Report

The Patch Failure Report tracks all patch failures, even those where the installation was eventually successful, to help identify typically problematic patches.

Client Facing Reports

Client Daily and Weekly Reports

The Patch Status Check results are included in the Client Daily Report and Client Weekly Report alongside the other Daily Safety Checks.

Use Report Mode to ensure the Patch Status Check always passes, even when missing patches or vulnerabilities are identified.

Client Monthly Report

The option to include a list of missing and installed patches for the last calendar month along with their install date (if deployed by Patch Management) is available for the Client Monthly Report and is configurable for all or specific clients (override content)

Including this information demonstrates just how hard your team is working on the Client's’ behalf to keep their systems up-to-date and disruption to a minimum.

In the Client Monthly Report Missing patches cannot be included without also including Installed patches.