Recommended OS settings for Patch Management

What are the recommended settings for Windows and Linux machines for Comodo Patch Management to work? I’d like for Windows to not auto-download and not auto-install updates. I also don’t want my users getting notified that there are patches available.

Most of my machines are in domain environments, so if I need to deploy a GPO I am fine with that, I would just like to know what settings to use.

Hello @eit-tech
For Linux endpoints, the patch management functionality in the ITSM portal is still in the works.

For Windows endpoints, as long as the Comodo Client Communication (CCC or ITSM client) is running, Windows Update (WU) will only check for updates but not install them. The settings that you configured in the ITSM Patch Management (and assigned profile) will be enforced on these endpoints.

For suppressing the WU notifications/popups, you can set them through GPO. Please do check the discussion on this MS Technet thread about it.

We also have a script to suppress the WU notification in Windows 10 endpoints.

Also, we would like to inform you of the upcoming update to the C1 platform this Saturday (Jan 27th).

Rick - we have a client with several Windows 7 machines - Comodo Client Communication is running, and they are complaining that the updates are in fact running/installing. Just last week I had to go onsite because one of the users force-stopped his updating in the middle of the process and caused his computer not to start. What do you think is going on there then? Does Comodo communication client automatically try and configure Windows update settings to ‘only check’? Is there a way to guarantee this setting -- perhaps a script to reconfigure Windows Updates? I know there’s one to disable the service, but then we can’t patch at all.


It is possible @RSnumssp to reconfigure the scheduling of Windows Update. You will simply have to schedule it outside office hours (assuming the endpoints are left on). It can also be beneficial if the endpoints are really offline on the chosen schedule if you simply want to make sure that Windows updates are not installed without you first checking which update needs to be installed or not.
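
The two approaches discussed in this thread (check-only behaviour, or installs scheduled outside office hours) map to the standard Windows Update "Configure Automatic Updates" policy values, which can be audited and set as below. This is an added example, not part of any post above and not Comodo's script; the function names `Get-WuPolicy` and `Set-WuPolicy` are hypothetical, and it assumes no domain GPO overwrites these values at the next policy refresh. It does not suppress update notifications, and how the Comodo client interacts with these values is not stated in the thread.

```powershell
# Added example: audit and set the "Configure Automatic Updates" policy values.
# Reading works as a standard user; Set-WuPolicy must run elevated.
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-WuPolicy {
    # Returns the current policy values; a value that is not set comes back as $null.
    $p = Get-ItemProperty -Path $AuKey -ErrorAction SilentlyContinue
    $mode = switch ($p.AUOptions) {
        2       { 'Notify before download and install' }
        3       { 'Auto download, notify before install' }
        4       { 'Auto download, install on schedule' }
        5       { 'Local administrator chooses' }
        default { 'Not set by policy (local setting applies)' }
    }
    [pscustomobject]@{
        NoAutoUpdate         = $p.NoAutoUpdate
        AUOptions            = $p.AUOptions
        Meaning              = $mode
        ScheduledInstallDay  = $p.ScheduledInstallDay    # 0 = every day, 1 = Sunday ... 7 = Saturday
        ScheduledInstallTime = $p.ScheduledInstallTime   # hour of day, 0-23, local time
    }
}

function Set-WuPolicy {
    param(
        [ValidateSet('NotifyOnly', 'Scheduled')] [string]$Mode = 'NotifyOnly',
        [ValidateRange(0, 7)]  [int]$Day  = 0,
        [ValidateRange(0, 23)] [int]$Hour = 3
    )
    if (-not (Test-Path $AuKey)) { New-Item -Path $AuKey -Force | Out-Null }
    $values = @{ NoAutoUpdate = 0 }
    if ($Mode -eq 'NotifyOnly') {
        $values.AUOptions = 2                  # nothing downloads or installs unattended
    } else {
        $values.AUOptions = 4                  # installs only at the chosen day and hour
        $values.ScheduledInstallDay  = $Day
        $values.ScheduledInstallTime = $Hour
    }
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $AuKey -Name $name -Value $values[$name] `
            -PropertyType DWord -Force | Out-Null
    }
    Get-WuPolicy   # show the values that are now in effect
}

# Report the current state of this endpoint.
Get-WuPolicy | Format-List
```

Running `Set-WuPolicy -Mode NotifyOnly` or `Set-WuPolicy -Mode Scheduled -Day 7 -Hour 2` from an elevated prompt applies one of the two configurations; on domain-joined machines, set the same policy through the GPO instead so the change persists.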