Exclude Patches

Applies To: WatchGuard Patch Management This topic applies to the WatchGuard endpoint security module, Patch Management. Patch Management is available with WatchGuard EPDR, WatchGuard EDR, and WatchGuard EPP.

If you never want to install a patch, because it has known issues or makes unwanted changes to a program, you can exclude the patch in Patch Management. You cannot install excluded patches.

When you exclude a patch, you exclude a specific version of the patch. If the software vendor releases a later version of that patch, it is not automatically excluded.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Install, Uninstall and Exclude Patches permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

To exclude a patch:

1. In WatchGuard Cloud, select Monitor > Endpoint Security.
2. Select Status.
3. From the left pane, select Patch Management.
   The Patch Management dashboard opens.
4. In the Available Patches tile, click a type of patch or click View All Available Patches.
   The Available Patches list opens.

   

5. To search the list, type text in the Search box, and click .
6. To filter the list, select Filters, specify the types of patches you want to exclude, and click Filter.
7. In the row of the patch you want to exclude, click and select Exclude.
   The Exclude Patch dialog box opens.

   

Exclude Patches dialog box for Subscriber accounts

8. Select whether you want to exclude the patch for the selected computer or all managed computers in your network.
9. Click Exclude.

To unexclude an excluded patch:

1. In WatchGuard Cloud, select Monitor > Endpoint Security.
2. Select Status.
3. From the left pane, select Patch Management.
   The Patch Management dashboard opens.
4. In the Available Patches tile, click View Excluded Patches.
   The Excluded Patches list opens.

   

5. In the row of the patch you no longer want to exclude, click and select Stop Excluding.
   If your Service Provider has excluded a patch, a Partner label shows in the Excluded by column. You cannot include or exclude that patch.
6. On the Excluded Patch details page, review the patch details and patch installation status.
   • To review a list of the computers where the patch was installed, click a number of affected computers in the account.
   • To review the tasks used to install the patch, click the task name.
   • To no longer exclude the patch, click Stop Excluding.

Related Topics

About Patch Management

Install Patches

Download Patches Manually

Patch Management Best Practices