Configure Patch Management Security Settings

Applies To: WatchGuard Patch Management This topic applies to the WatchGuard endpoint security module, Patch Management. Patch Management is available with WatchGuard EPDR, WatchGuard EDR, and WatchGuard EPP.

In a Patch Management settings profile, you configure settings to specify when WatchGuard Patch Management searches for new patches and software updates, and to specify the types of patches that Patch Management searches for. You can also disable the Windows Update on your computers.

You can configure these Patch Management settings:

Disable Windows Update on Computers

To make sure that Patch Management manages the updates on your Windows computers, in the Patch Management settings profile, select Disable Windows Update on Computers.

When you enable this option, Patch Management manages updates exclusively for computers on your network. Local Windows Update settings are not used.

Automatically Search for Patches

To enable Patch Management to automatically search for available patches, enable Automatically Search for Patches. If this option is not enabled, Patch Management lists do not show missing patches, although you can use patch installation tasks to install missing patches on computers.

Patch Installation

Specifies if the patch installs on the devices in a group when the settings profile is assigned. You can also designate computers in the group as test computers for patch installation.

Search Frequency

Specifies how often Patch Management searches the cloud-based patch database to check for missing patches for your computers.

You can search for missing patches every 1, 3, 6, or 12 hours, or once a day.

Patch Criticality

Specifies the importance (or criticality) of the security patches that Patch Management searches for, and whether to search for other non-security patches and service packs.

Software vendors define the importance of the security patches they make available to address vulnerabilities. Patch classifications are not universal and vary by vendor.

To determine whether you want to install a patch, we recommend that you review its description, especially for patches that a vendor does not classify as Critical.

To configure Patch Management settings:

1. In WatchGuard Cloud, select Configure > Endpoints.
2. Select Settings.
3. From the left pane, select Patch Management.
   
4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
   The Add Settings or Edit Settings page opens.

   

5. Enter a Name and Description for the profile, if required.
6. To make sure that Patch Management manages Windows updates on your computers, enable the Disable Windows Update on Computers toggle.
7. To automatically search for patches, enable Automatically Search for Patches.
8. Select a patch installation option.
   • Install patches — Automatically apply patches to the devices in the assigned groups.
   • Designate as test computer and install patches — Designate the devices in the assigned groups as test computers.
   • Do not install patches — Do not apply patches to devices in the assigned groups.
9. To specify how often to search for patches, from the Search Frequency drop-down list, select a frequency.
10. To specify which patches to search for, in the Patch Criticality section, enable or disable toggles for different types of Security Patches, Other Patches, and Service Packs.
    The Other Patches category includes patches with bug fixes and feature enhancements for macOS and Linux.
11. Click Save.
12. Select the profile and assign recipients, if required.
    For more information, go to Assign a Settings Profile.

Related Topics

About Patch Management

Manage Settings

Copy a Settings Profile

Edit a Settings Profile

Assign a Settings Profile