Patch Update

Patch Management > Patch Update

• This page applies to the following products: On Premises, Kaseya Advanced, Kaseya Essentials, IT Center

The Patch Update page updates missing Microsoft patches on all machines displayed in the paging area. Patch Update overrides the Patch Approval Policy but obeys the Reboot Action policy. If you're using Automatic Update, then Patch Update is used on an exception basis to apply individual patches to multiple machines or to re-apply patches that originally failed on certain machines. See Methods of Updating Patches, Configuring Patch Management, Patch Processing, Superseded Patches, Update Classification and Patch Failure for a general description of patch management.

Patches Displayed

The display of patches on this page are based on:

• The Machine ID/Group ID filter.
• The patches reported using Scan Machine. Managed machines should be scanned daily.
• The patches of machines using Automatic Update. If the Hide machines set for Automatic Update box is checked, these patches are not listed here. These patches are automatically applied at the Automatic Update scheduled time for each machine.
• If the Hide patches denied by Patch Approval box is checked, patches that are denied or pending approval are not listed here.
• The patches of machines being processed by Initial Update. These patches are excluded from this page until Initial Update completes.

Duplicate Entries

Microsoft may use a common knowledge base article for one or more patches, causing patches to appear to be listed more than once. Patch Update displays patches sorted by Update Classification or Product first and knowledge base article number second. Check the Product name or click the KB Article link to distinguish patches associated with a common knowledge base article.

Superseded Patches

A patch may be superseded and not need to be installed. See Superseded Patches for more information.

Using Patch Update

1. Optionally click the KB Article link to display a Details page about the patch. The Details page contains a link to display the knowledge base article.
2. Patches classified as security updates have a security bulletin ID (MSyy-xxx). Optionally click the Security Bulletin link to review the security bulletin, if available.
3. Optionally click the box next to a KB Article to schedule that patch on all managed machines missing that patch.
4. Optionally click the Machines... button to schedule a patch on individual machines or to set machines to ignore a patch. The Ignore setting applies to the selected patch on the selected machines. If Ignore is set, the patch is considered Denied. Patches marked as Ignore on the selected machines cannot be installed by any of the installation methods. To be installed, the Ignore setting must be cleared.

   Note: A warning icon indicates the patch status for one or more machines should be checked before installing this patch. Click the Machines button and review the Status column for each machine missing this patch.

5. Click the Schedule button to install the patches using the install parameters.
6. Click the Cancel button to remove any pending patch installs.

Hide machines set for Automatic Update

If checked, hides patches missing from machine IDs set to Automatic Update.

Hide patches denied by Approval Policy

If checked, hides patches denied by Patch Approval Policy.

Patch Group By

Display patch groups by Classification or Product.

Schedule

Click this button to display the Scheduler window, which is used throughout the VSA to schedule a task. Schedule this task once. Options include:

• Distribution Window - Reschedules the task to a randomly selected time no later than the number of periods specified, to spread network traffic and server loading.
• Skip if offline - If checked and the machine is offline, skip and run the next scheduled period and time. If blank and the machine is offline, run the task as soon as the machine is online again.
• Power up if offline - Windows only. If checked, powers up the machine if offline. Requires Wake-On-LAN or vPro and another managed system on the same LAN.
• Exclude the following time range - If checked, specifies a date/time range to not perform the task.

Cancel

Click Cancel to cancel execution of this task on selected managed machines.

Note: Patches that are currently being processed (status of Pending - Processing Now) cannot be canceled.

Show Details

Click the Show Details checkbox to display the expanded title and installation warnings, if any, of each patch.

Select All/Unselect All

Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.

Status Warning Icon

A warning icon indicates the patch status for one or more machines should be checked before installing this patch. Click the Machines button and review the Status column for each machine missing this patch.

Machines...

Click Machines... to list all machines missing this patch. On the details page, the following status messages can appear next to a patch:

• Pending (Processing Now)
• Pending (Scheduled to run at <date>)
• Install Failed - See Patch Failure.
• Awaiting Reboot
• User not logged in
• User not ready to install
• Install Failed - Missing Network Credential
• Install Failed - Invalid Network Credential or LAN Server Unavailable
• Install Failed - Invalid Credential
• Missing
• Denied by Patch Approval
• Denied (Pending Patch Approval)
• Manual install to database server only - Applies to SQL Server patches on the database server where the KServer database is hosted
• Manual install to KServer only - Applies to Office or any "install-as-user" patches on the KServer
• Patch Location Pending - Applies to patches with an invalid patch location. See Invalid Patch Location Notification in System > Configure.
• Missing Patch Location
• Ignore

KB Article

The knowledge base article describing the patch. Click the KB Article link to display a Details page about the patch. The Details page contains a link to display the knowledge base article.

Security Bulletin

Patches classified as security updates have a security bulletin ID (MSyy-xxx). Clicking this link displays the security bulletin.

Missing

The number of machines missing this patch.

Auto

Displays only if the Hide machines set for Automatic Update box is not checked. The number of machines scheduled to install this patch by Automatic Update.

Ignore

The number of machine set to ignore a patch using the Machines button. The Ignore setting applies to the selected patch on the selected machines. If Ignore is set, the patch is considered Denied. Patches marked as Ignore on the selected machines cannot be installed by any of the installation methods. To be installed, the Ignore setting must be cleared.

Product

The Product column helps identify the product category associated with a specific patch. If a patch is used across multiple operating system families (i.e., Windows XP, Windows Server 2003, Vista, etc.), the product category is Common Windows Component. Examples include Internet Explorer, Windows Media Player, MDAC, MSXML, etc.

Update Classification

See Update Classification for an explanation of Classification and Type.

Topic 346: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.