Patch Management allows you to install software updates and available system patches on each endpoint.
Enable Patch Management policy
TIP - The Installed software on the endpoints setting under Events to report on is required to scan for patches.
- On the left navigation menu, go to Configure > Policies.
- Create a new policy or select an existing policy.
- Click the Software management tab.
- Check mark Allow updating software inventory and applying Windows OS patches for endpoints for Windows or Mac endpoints.
Note: Operating system patching is only available for Windows. Patch Management for macOS allows for updating 3rd-party software. - Configure patch management with the options in the table below.
- Click Save.
Patch management options
Setting | Description |
Disable Windows automatic updates for OS patches |
This disables Windows automatic updates and allows Patch Management to control when OS patches are installed. |
Show deployment progress from the ThreatDown icon |
Provides the ability to check deployment progress on the endpoint. Hover over the ThreatDown icon in the system tray to view the current deployment progress. |
Force close software for updates | Allow the endpoint agent to close software so 3rd-party applications can be updated. |
Force close time limit | Select the time limit after which applications will be closed to install updates. Customize a message to inform your users before the software is closed. |
Force close reminder frequency | Select how frequently users are reminded the software needs to be closed in order to perform updates. |
Scan for available patches
Run an Inventory & Vulnerability Scan in Nebula to identify available software patches on endpoints.
NOTICE - Running Inventory & Vulnerability scans on endpoints is expected to use up to 350MB of memory and 25-50% of the CPU. We recommend running this scan on endpoints during off hours for users. For our minimum hardware requirements, see System requirements for Nebula.
On-demand Scan
To run an on-demand scan for vulnerabilities, select the Scan Inventory & Vulnerability option from the action menu on the Endpoints page in Nebula. For more information, see Perform actions on endpoints in Nebula.
Scheduled Inventory & Vulnerability Scan
To create a scheduled scan for vulnerabilities, select the Scan Inventory & Vulnerability option for your schedule type on the Schedules page in Nebula. For more information, see Scheduled scans in Nebula.
To apply operating system patches, see Apply operating system patch in Nebula.
Return to Patch Management guide.