Unable to update software with Vulnerability & Patch Management

Issue

This article helps troubleshoot failures when initiating third-party software updates via the Patch Management module. Patch Management allows admins to push updates for supported applications, such as Adobe Acrobat, Mozilla Firefox, Zoom, and Microsoft products, from the console. However, updates can fail due to network issues, running processes, installation errors, or other factors.

Key Points:

• Errors appear in the Reason column of failed Update Installed Software tasks on the Investigate > Tasks page.
• Common failures include unreachable download URLs, installation error codes, or blocking processes.
• For detailed error code explanations, refer to Vulnerability & Patch Management error codes and messages in OneView

Before Starting:

• Ensure Patch Management is enabled in your policy
  1. Go to Configure > Policies > Software management.
  2. Enable the following settings:
     • Allow updating software inventory (Windows & macOS) and applying Windows OS patches (Windows only)
     • Installed software on the endpoints
• Confirm the application is supported for updates. Refer to the Update Available column in the console. If it is missing from the page, click Add / Remove Columns and add it.
• Endpoint must be online and communicating in the console.

Symptoms

• Patch Management updates fail

Resolution

Work through the following tasks in order until the issue is resolved.

Task 1: Initiate an 'Update Installed Software' task to reproduce the error

To display the failure reason:

1. Log in to the console.
2. Navigate to Manage > Patch Management.
3. Click the Software Updates tab.
4. In the table, check the box next to the failing application(s).
5. Click Actions > Update Software.
   • This triggers the update attempt on selected endpoints.

Wait for the task to complete or fail.

Task 2: Check the Failure Reason in the task details

1. Go to Investigate > Tasks.
2. Locate the recent Update Installed Software task.
3. Click the task to open the pop-out details. This shows a table of applications attempted.
4. Review the Reason for each failed entry. If the column is missing, click Add / Remove columns and add it.

Task 3: Common failure reasons and resolutions

"Could not update software XX: <Application Name>. The remote name could not be resolved: '<URL>'."

• Cause: Endpoint cannot reach the vendor's download URL (DNS resolution or network block).
• Resolution:
  1. Test connectivity from the endpoint (e.g., ping/nslookup the URL domain, or browse it).
  2. Check firewall/proxy rules to allow outbound access to the domain/URL.
  3. Ensure no local security software or network policies block the connection.
  4. Verify endpoint DNS settings (flush DNS: ipconfig /flushdns).

"Could not update software XXXX: <Application Name> Installation failed. Error code: -XX"

• Cause: Specific installer error during application of the patch.
• Resolution:
  1. Look up the code in: Vulnerability & Patch Management error codes and messages in OneView.
  2. Common examples include connection/database issues (-15, -17) or installer-specific failures.
  3. Retry after addressing network/certificate issues, or check vendor-specific requirements.

"Could not update software XXXX: <Application Name>. Cannot close all blocking processes."

• Cause: The application is running and cannot be closed automatically for the update.
• Resolution:
  1. Instruct end-users to manually close the application before retrying.
  2. Otherwise, go to Configure > Policies > Software management.
  3. Enable Force software to close for updates
  4. Re-initiate the update task after closing processes.

Reason Column Blank (No Visible Error)

• Cause: Detailed failure not surfaced in console UI.
• Resolution:
  1. On the affected endpoint, open the agent log:
     1. Path: %ProgramData%\Malwarebytes Endpoint Agent\Logs\EndpointAgent.txt
  2. Open in a text editor (e.g., Notepad++).
  3. Search for: event.asset.updatesoftware.failure
  4. Look for lines containing "error_message" (e.g., "Unable to update product 3563. Code -1034. Installation failed.").
  5. Use the error details (code/message) to cross-reference the official error codes article or troubleshoot further (e.g., -1034 might indicate a specific installer issue).

Task 4: Additional Checks and Best Practices

1. Force a policy sync.
   1. Go to Manage > Endpoints.
   2. Select the affected endpoints and click Actions > Check for Protection Updates.
2. Review endpoint logs for patterns around failure time.
3. Test on a single endpoint first to isolate issues.
4. Ensure the endpoint meets Patch Management requirements (e.g., supported OS, agent version).
5. Check for Interfering Security Software:
   1. Temporarily disable or exclude the ThreatDown agent folder from other antivirus or endpoint tools (e.g., Windows Defender, third-party EDR).
   2. If AppLocker or a similar application control is in use, disable it temporarily or add exceptions for the patch process, as ThreatDown cannot always bypass strict AppLocker rules.
6. Verify the Force Software to Close setting:
   1. In the policy (Configure > Policies > Software management tab), ensure Force software to close for updates is enabled.
   2. Manually close the target application on the endpoint before retrying the update.

Task 5: Escalate to Support If Needed

If the error persists after applying the relevant resolution:

1. Collect:
   • Screenshots of the task Reason column.
   • Excerpts from EndpointAgent.txt (search for failure events).
   • Endpoint details (OS, agent version, application name/version).
2. Contact ThreatDown Support for OneView
3. Reference the official error codes article for any specific codes found.

Patch Management failures are often network-related or process-blocking. Start with connectivity and policy settings. For comprehensive error details, always consult the linked Vulnerability & Patch Management error codes and messages in OneView.