Patch Deploy

• 4 min to read •

 The full Tasks List represents different types of tasks that can be created in the Syxsense Console.

Patch management is important because it helps you to reduce your security risks by fixing software flaws that can make your system vulnerable to cyber-attacks.

When it comes to patch management, Syxsense allows:

There's no need to select patches, download them, send them to servers, and only then install them. You just open the console and patch.

Syxsense software scans devices for the need for specific patches for both operating systems and third-party software and checks if devices have superseding or newer patches. It also assesses your device health based on the CVSS score associated with each missing patch for both OS and third-party apps so that you can prioritize patching relative to your exposed risk. After you've created your patching baseline, you can then schedule a maintenance window out of office hours during which patching will be completed.

You can organize patching via the task and via the policy. If the device is turned on and you should patch the system endpoints within a Maintenance Window, then you are to create a Patch task. In the case of patching through the policy, even if the device is turned off, the server periodically sends requests until it receives a response from the device and then the patching process begins.

Syxsense software provides you access to the freshest and most complete patch set, as the solution has an industry-leading third-party software patches library. All the patches are pretested, so if a particular patch has critical bugs or is incompatible with other software, it won't be present in the console, and you will see the notification about most of such patches. This allows you to avoid rolling back bad patches, thereby helping you manage your employees' time more rationally.

When the patching process is over, you can create a variety of Reports on patching results that allow you to both evaluate the work done, identify problematic devices and undelivered patches, compare the change in the system security level over time, and plan further work.

Important Information

Use caution when choosing 'All Patches' for the deployment since all patches available in the console will be targeted to run for every device selected.

The industry, as well as Syxsense, strongly recommends performing a phased approach by focusing first on severity updates, such as Critical/High/Medium/Low rating, then deploying optional, hotfix, and 3rd party updates.

Patch deployments should always be performed following successful testing.

Devices will only download patch binary files if they need that patch.

Prerequisites 

Patch Deploy task permissions

An online device

Video Tutorial: How to Deploy PatchesVideo Tutorial: How to Deploy Patches

Watch our  Video to learn how to create a Patch Deploy Task.

Guided walk-through: How to Deploy Necessary Patches to All DevicesGuided walk-through: How to Deploy Necessary Patches to All Devices

Create:

From the Tasks menu click   > Choose 'Patch Deploy'Drop-down TitleDrop-down Title

Select Targets

Where: Select which devices to deploy patches to using either Predefined Device Queries, User Defined Device Queries, Active Directory, Device Groups, Specific Devices or All Devices > Click 'Next'.

 We recommend using Devices with Required Critical Patches to get started.

Select Updates

What: Select the patches you wish to deploy using either Predefined Patch Queries, Custom Patch Queries, Patch Group, Specific Patches, or All Patches > Click 'Next'.

We recommend using Critical Patches to get started.

Task Schedule

When: Select when you would like your patches to deploy > Click 'Next'.

You may configure a Maintenance Windows during which a Patch Deploy task will be completed, a repeat interval such as 'repeat every Monday' for unsuccessful devices, and the Protect option to ensure the patch deployment does not run during important business hours.

It's strongly recommended to create a recurring task with Maintenance Windows. The recommendation is to deploy on a perpetual basis; the maintenance window provides this level of recurrence with a set task duration.

Reboot Options 

Configure the Reboot and Snooze settings (only available for the optional reboot) > Click 'Next'.

Task Configuration

Decide whether you want to install or uninstall the selected patches > Click 'Next'.

Summary

Review the settings of the task and if configured correctly, click 'Finish' to save the task.   For patch deployments, forcing a reboot after deployment is strongly recommended.

TroubleshootingTroubleshooting

The list below will highlight some of the possible result statements with resolution.

Issue/Result Statement Reason/Resolution
'Not Connected' The device has a MicroAgent already installed, and it is not responding. The device is offline/not connected to the network.
'Partial success' The device started the task and completed a scan of some of the updates; however, the device could not complete the task.
'Target device disconnected' The device started the task but disconnected at any point in the task. Typically shown if target device disconnected before any updates were scanned.
'Lost Connection' The device started the task but disconnected at any point in the task. Typically shown if the target device disconnected before any updates were scanned.
'Not enough free disk space' The device does not have enough disk space to download the content. Ensure target device has enough disk space and re-attempt deployment task.
'Thread Being Aborted' or any other 'ErrorCode' The device likely has existing security software that does not trust Syxsense. 3rd party software must be populated with exclusions to trust this solution.

Last Update: July, 2024

Copyright ©2024 by Syxsense, Inc. All Rights Reserved