I was just wondering if I need to manually select all available updates and select install in order for those updates to be scheduled with a patch procedure or whether I need an additional procedure to approve the updates first, or if simply clicking install patches sends the install command to all active agents and schedules for those offline?
I am using the ITSM patch management and not the separate Patch Management module, I understand that the ITSM patch is being developed to replace the separate module?
I understand that the ITSM patch is being developed to replace the separate module?
That is correct.
I was just wondering if I need to manually select all available updates and select install in order for those updates to be scheduled with a patch procedure or whether I need an additional procedure to approve the updates first, or if simply clicking install patches sends the install command to all active agents and schedules for those offline?
Either of the two methods (manual or through a procedure) can accomplish the goal of installing OS updates in Windows devices. Please do check the following guide for more information: Installing OS Patches on Windows Endpoints
Do you know if the patch management can work in conjunction with WSUS i.e. all the agents look to the network resources for updates downloads rather than downloading the patches individually from the internet …or is the agent cleaver enough to cache and share updates over the lan?
Just thinking of a particular site with poor internet access
Ok so I would assume that WSUS would require the PCs to report in and have the updates approved and downloaded to WSUS. Then the Comodo agent reports from the PC what updates are available from wsus and schedules the install of updates via comodo patch maintenance procedures.
If the updates are not available or approved from the WSUS console then the update will not be available to install via the RMM agent
This is 100% right, the ITSM agent only sees updates which have been approved by your local WSUS server, this is a pain if im honest. Id like the ITSM agent to do a separate scan of available patches from MS so that we had a sanity check against WSUS or the ability to push updates to machines which have been off network for a while.
@dbettens for the moment any staff that roam on a significant basis have their update source pointed at MS, then attempt to use C1 to control the updates. Its not perfect but sort of works. However at the moment im not even sure that the ITSM patch management is doing anything. My portal is showing 20 devices with critical patches (which have already been installed, a week ago). Resetting the PM db and refreshing the data does nothing.