About patch management
Click here to see this page in full context

 

About patch management

Miradore's patch management feature can be used to centrally manage the deployment of software and operating system patches and updates in managed devices. This guide here mostly contains instructions for security officers, but if you're looking for patch management implementation guide for administrators, please refer to Getting started with patch management.

If you're interested in managing Windows 10 version updates with Miradore, check Managing Windows 10 version updates article.

Supported operating systems and software

Patch management Supports Windows versions starting from Windows 7. Other platforms than Windows are not supported. See Miradore features by computer platforms for more details.

You can see a full list of products supported by Miradore patch management from the Security patch products view.

Patch management infrastructure & Firewall settings

Miradore's patch management infrastructure and firewall settings are described in Patch manager article in the Miradore basics guide.

Operator's guide to patch management

 

Patch management process phase

Instructions

Analyze patching status

Assuming patch management is up and running in your environment, you should be able to see all patches that are applicable to your assets from "Operations > Security management > Security patch status > By patch view".

"Total assets" column shows the number of applicable devices for each patch. There is also multiple status columns telling how many devices now have this patch applied, how many devices are missing the patch and if there are any devices pending for reboot after the patch installation.

You can alternatively analyze the patching status of your computers also using the "Operations > Security management > Security patch status > By asset view".

Approve patches for deployment

Miradore will not install any patches to any computers before the patches are approved for deployment in Miradore.

You can approve patches either manually or define rules for approving patches automatically.

See the following articles for more information:

How to use automatic security patch approval rules

Approving patches manually

Make sure you have suitable asset groups in your environment, because patch approvals are managed for asset groups.

Notice that user roles "Security officer" and "Administrator" can approve patch deployments.

Good to know

On the Asset page, it is possible to disable patching for one specific device until specific date. This is helpful if you want to prevent Miradore from patching the device during maintenance for example. You don't need to change the asset's maintenace window or asset group configurations.

In the "System tray notification settings", administrators can configure Miradore to show a system tray notification message to device user when patch installations are started or completed on the device.

Monitor patch deployments

It is important to monitor the installation status of patches every now and then, because there might be configuration errors or technical issues that prevent the deployment.

See Monitoring patch installations for instructions about monitoring and troubleshooting patch installations.

Maintenance & Other

Remember to check your asset groups occasionally. Make sure that asset filters are correctly configured if you are using dynamic asset groups, or remember to add/remove assets to/from the asset groups if you are using static asset groups for targeting patch management actions.

If there are patch vendors, product families, or certain patches that are not interesting or relevant to your organization, you can hide such patches from Miradore.

For instructions, see Choosing vendors whose security patches are shown in Miradore, Hiding patches by product family, Hiding specific patches from Miradore views.

In "Administration > System settings > Main > Patch management > Patch management settings", administrators can define the maximum storage time for the patch metadata and for the cached patch data. With these settings, the admins can define how long the data about obsolete or unused patches will be preserved in the system.

 

Good to know

Miradore has a "cooldown" period of 12 hours after Initial installation before Miradore Client accepts new tasks. This means that, for example, patching starts at earliest 12 hours after the operating system's installation date has passed.

In addition to scheduled patching, Miradore users and device users can also start patching immediately if device is unoccupied or in urgent need of patching. For more details, please read Install a patch immediately.

Additional information

Security patch inventory

Managing Windows 10 version updates with Miradore

 

Copyright © 2022 Miradore Ltd. All rights reserved. Miradore is a registered trademark of Miradore Ltd. All other trademarks or registered trademarks are property of their respective owners.