Patch Management

Modified on Tue, Sep 23 at 4:32 PM

You can find this module at the Company level only.

Patch Management is where you can find any missing patches that are supported for direct installation by the ConnectSecure agent.

Patch Management works with both Probe and Lightweight agents.

With the Probe agent, the system first downloads patches and then copies them to the remote asset for installation. This method is ideal for patching devices without a Lightweight agent. In contrast, systems with the Lightweight agent manage patching locally, downloading and applying packages directly.

If you plan to use the Patch Management feature with the ConnectSecure agent, consider adding ‘connectsecurepatch.exe’ to any allow or trusted sources for execution.

Our patch agent retrieves necessary packages from the official website, so the remote asset must have access to download them.

Additionally, the patch agent initiates OS patching by triggering the Windows Update Manager to apply relevant security updates listed in the portal. We can also control whether the system reboots after successful patching for OS updates only.

Our Patching Strategy

Curated Repo: 500+ application patches maintained internally, with the 130 most-used apps tested and optimized continuously.
Smart Flexibility: Microsoft Win-Get is used as a fallback to cover supported apps from our curated repo, leveraging Microsoft’s continuous updates.
Balanced Approach: This design combines reliability (our repo) with breadth (Win-Get), ensuring the best coverage without unnecessary risk or overhead.
Enrichment Over Time: The ConnectSecure team will analyze the patch logs and add over time based on the data, continuously improve and extend the supported applications

Check out the Patch Management Guidefor additional help.

Here is a listing of the supported applications for patching: Application Patching List

Visit our YouTube Channel for more video content: https://www.youtube.com/@connectsecure

Table of Contents
Patch Management - Details
Patch Job Failures
Date Filter
Patch Management - Toolbar Options
- Alerts
- Info
- Help Link
- Layout Settings
Get Support

Patch Management - Details

Access the Patch Management from the Assets category.

Application Patching

To view the list of software that needs to be patched, please check the table and review the details provided.

Field	Description
Software Name	Displays the name of the software that requires patching
Software Version	Displays the version number of the software
Fix Version	Displays a hyperlink to the recommended fix
Affected OS	Displays the affected operating system name
Assets	Displays a hyperlink to the count of assets affected
Action	The three-dot action menu provides a manual ‘Patch’ button

Manual Application Patching

Tap the three-dot Action menu to apply an available application patch, then choose Patch Now or Patch Later.

Patch Later option lets you set a later date and time to patch

Otherwise, Patch Now will run the selected patch and asset(s) immediately.

3rd Party - Application Patching does not reboot machines; there is no option to do this.

Automatic Application Patching

See the Patch Scheduler found at the Company or Global level.

OS Patching

To view the list of OS patches that need to be installed, please check the table and review the details provided.

Manual OS Patching

Tap on the OS Patching tab, then use the three-dot Action menu to select Patch on any available records.

You will be prompted to select the patch installation's machine(s) and reboot settings.

ConnectSecure is passing the flag for reboot to the Microsoft Update Manager, so Microsoft will show prompts to force a reboot.

Automatic OS Patching

See the Patch Scheduler found at the Company or Global level.

Patch Jobs

For Agent Offline assets, the job will be picked up once the agent comes online within 24 hours.
The agent will monitor its status continuously within this 24-hour period and will attempt to execute the patch job up to three times.
This behavior will be seen for manual and scheduled patching jobs.
If the agent is still offline after 24 hours, the job will state as failed.

We have added additional information when a patch is failing. We now display the download URL and Request Time in the error log when the patch fails because of download restriction. This will help you troubleshoot the reason for the patch failure and also open/whitelist any URLs required.

We have a local patch log file on the remote agent machine located here:

C:\Program Files (x86)\CyberCNSAgent\logs\cyberpatch.log

View the patch job details and sort on the columns.

Tap the Created or Updated date fields to view additional patch job details, including the Asset Name, Status, From Version, and to version values.

When a Patch Job is pending, selecting the three-dot action menu reveals the option to terminate the job.

Patch Job Failures

If you see "FAILED" under the Job Status for patching, click on the Created date and time column to view more details that can assist with resolution.

Date Filter

Allows users to filter table data by selecting a specific date. The table will update to display entries that match the selected timeframe.

Patch Management - Toolbar Options

Alerts

View our timeline style of System Events captured for each company. You can set an optional date filter range to target a specific date range of events.

Info

Tap here to view your V4 Getting Started Info.

https://cybercns.atlassian.net/wiki/x/MIDKfw

Help Link

Click to access the related documentation page; this link is functional on all screens and will take you to the appropriate documentation page.

Layout Settings

Here, you can change the UI look and feel using various options, including the Theme for color, the Scheme for dark and light mode, the Layout for toolbar and module positions, and the toggle to set the table view default.

I prefer the Teal color, Light mode, and Classic layout with an asset table view.