Patch management strategy

What are others doing for Patch Management strategy? Are you just patching as soon as new updates are available? Patching at a particular time/schedule? Or are you actually reviewing the Windows updates yourself prior to patching the rest of the systems? What’s your philosophy of action typically on a monthly basis? Is it a weekly, monthly, quarterly thing? Just seeing what’s working as far as a good balance for others.


I push out workstation updates every day. 16.00

For server updates, I push out definition updates daily.

Then I manually do server updates.


We only push out patches that we ‘approve’.
We approve patches after verifying that they do not create problems in our environments (as best possible).
We push patches only between the 5th and 25th of a month:
– For servers on a Tuesday
– For workstations on a Tuesday, Wednesday, Thursday

We push updates at night:
– for servers always
– for workstations during the first 2 qualifying nights (after that also during the day)

We have workstations grouped in ‘Test’, ‘Pilot’ and ‘Production’ groups, and we start Test groups first, Pilot groups 2 days later, and Production 2 days after that.

The above tries to
1. Limit impact during ‘peak’ days and hours (no updates before and after month end)
2. Limit the risk for show stopper updates
3. Schedule possible update support to times we have access to the most resources to address issues
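
The schedule described in the post above, worked through as an added example that is not part of the original thread or any poster's tooling. The function names are hypothetical, and two points are assumptions: the 2-day gaps are chained ring to ring, and a start date that falls on a non-qualifying day rolls forward to the next qualifying one.

```python
from datetime import date, timedelta

WINDOW = (5, 25)                         # push only between the 5th and 25th
QUALIFYING = {"server": {1},             # weekday(): Monday=0, so 1 = Tuesday
              "workstation": {1, 2, 3}}  # Tuesday, Wednesday, Thursday
RINGS = ["Test", "Pilot", "Production"]
RING_GAP = timedelta(days=2)             # each ring starts 2 days after the previous

def qualifies(day, kind):
    """True if `day` is inside the monthly window and on an allowed weekday."""
    return WINDOW[0] <= day.day <= WINDOW[1] and day.weekday() in QUALIFYING[kind]

def next_qualifying(day, kind):
    """First qualifying day on or after `day` (assumption: roll forward,
    into the next month if the current window has closed)."""
    while not qualifies(day, kind):
        day += timedelta(days=1)
    return day

def ring_schedule(approved_on):
    """Start date per workstation ring for a patch approved on `approved_on`."""
    schedule, earliest = {}, approved_on
    for ring in RINGS:
        schedule[ring] = next_qualifying(earliest, "workstation")
        earliest = schedule[ring] + RING_GAP
    return schedule

if __name__ == "__main__":
    # Constructed sample: two approval dates in March 2024.
    for approved in (date(2024, 3, 12), date(2024, 3, 21)):
        print("approved", approved, "server night:", next_qualifying(approved, "server"))
        for ring, start in ring_schedule(approved).items():
            print(f"  {ring:<10} {start:%a %Y-%m-%d}")
```

The second sample shows the cost of the window: a patch approved on 21 March reaches Test the same day but Pilot and Production only in the second week of April, so the exposure gap for late-month approvals is worth tracking.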


That makes sense. I try to read about patches before applying them. But unfortunately sometimes I don’t have time, so if they are urgent patches, I apply them crossing fingers. I think the correct procedure would be to try the patch on testing machines or at least to read about them before applying, otherwise patch management does not make a lot of sense in my opinion. Maybe Comodo could create a service inside C1 where patches are virtually tested or a forum where we can share info about patches.

Hello @datalink,

Your suggestion “Maybe comodo could create a service inside C1 where patches are virtually tested” is a great idea (the idea that pops into my mind is sandboxing dedicated to testing patches). We will have our developers look into this or request other possible options that will perform the task, on top of the other options you have mentioned. Thank you, and we appreciate the ideas you have shared.

One of the biggest problems is not having the time to review everything. I love the idea of virtual testing and/or a forum of reviews where problematic updates are highlighted and warned about (esp. inside the platform). Some kind of solution like that would be really useful.

@evoevoevo ,

A beta environment allows you to pre-evaluate our upcoming release. A week’s notice will be provided on our forum community for testing purposes. This allows you enough time to test upcoming features, enhancements and previously resolved issues.


We are subscribed to an email list called ‘’ that will make you aware of issues regarding Windows patches (by way of subscribers complaining about issues…). We also monitor Google for Windows patching issues, as forums/communities like Computerworld, ZDnet, TechNet etc. are huge and problems will be discussed there long before we pick them up internally. Perhaps Comodo can create a virtual test bed/forum, but I do believe we all have access to this information already via the resources mentioned.