ESET Online Help

Search English
Select the topic

Patch Management

Patch management helps ensure that systems and applications are secure against known vulnerabilities and exploits. The Patch management section lists all available patches remedying the detected vulnerabilities and makes the remediation process easier through automated software updates. With patching options, you can promptly ensure that your endpoints are updated with the latest security patches.


note

Prerequisites

To view and enable ESET Vulnerability & Patch Management, ensure you have one of the following tiers:

ESET PROTECT Elite

ESET PROTECT Complete

ESET PROTECT MDR

ESET PROTECT MDR Ultimate

You can enable ESET Vulnerability & Patch Management on computers running:

ESET Management Agent version 10.1+

ESET Endpoint Security for Windows version 10.1+

ESET Endpoint Antivirus for Windows version 10.1+

ESET Server Security for Microsoft Windows Server version 11.0+

ESET Mail Security for Microsoft Exchange Server 11.0+

ESET Security for Microsoft SharePoint Server 11.0+

ESET Endpoint Security for macOS version 8.0+

ESET Endpoint Antivirus for Linux version 11.0+ (Patch Management not available). Vulnerabilities detection is currently supported only on the following operating systems:

Ubuntu Desktop 20.04 LTS

Ubuntu Desktop 22.04 LTS

Ubuntu Desktop 24.04 LTS

Red Hat Enterprise Linux 8 with supported desktop environment installed

Red Hat Enterprise Linux 9 with supported desktop environment installed

Linux Mint 20

Linux Mint 21.1, Linux Mint 21.2

ESET Server Security for Linux version 11.0+ (Patch Management not available)


note

You can also purchase ESET Vulnerability & Patch Management as a separate add-on for the ESET PROTECT Entry and ESET PROTECT Advanced tier.


important

ESET Vulnerability & Patch Management is not supported on Windows devices with ARM processors.


warning

ESET Bridge users

ESET Bridge blocks the Patch Management network traffic by default. ESET Bridge does not affect the reporting of vulnerabilities.

To enable the Patch Management network traffic, disable the Access Control List (ACL) rules in the ESET Bridge configuration file:

1.Open the ESET Bridge configuration restrict.conf.template file in a text editor:

oWindows: C:\ProgramData\ESET\Bridge\Proxies\Nginx\Conf\restrict.conf.template

oLinux: /var/opt/eset/bridge/nginx/conf/restrict.conf.template

2.Change set $valid_host 0; to set $valid_host 1;. If the line does not exist, add it at the beginning of the file.

3.Save the restrict.conf.template file.

4.Restart the ESET Bridge service.

Disabling ACL rules allows the routing of all network traffic via ESET Bridge (ESET Bridge becomes an open proxy).

Patch Management is enabled during Vulnerabilities & Patch Management activation.

View Patch Management

You can view Patch Management from several places:

Click Patch Management in the main menu to open the Patch Management section and view a list of patches

Click Computers > select Details > in the Vulnerability & Patch Management tile, click Show patches to open the Patch Management section

Grouping the view

To group patches, select from the drop-down menu:

Ungrouped—default view

Group by Application name—when grouped, click an application row and click Show Devices to display devices (computers) where a patch will be applied

Filtering the view

To filter, click Add Filter:

1.In some filters, you can select the operator by clicking the operator icon next to the filter name (the available operators depend on the filter type):

icon_equals Equal to or Contains

icon_does_not_equal Not equal to or Doesn´t contain

icon_greater_than_or_equal Greater than or equal to

icon_less_than_or_equal Less than or equal to

2.Select one or more items from the list. Type a search string or select the items from the drop-down menu in the filter fields.

3.Press Enter. Active filters are highlighted in blue.

Application name—the name of the application with the vulnerability

Application version—the version of the application causing the vulnerability

Patch version—the patch version

Severity—severity level, including informational, warning, or critical

Computer name—the name of the affected computer

Application vendor—the name of the application vendor

Side panel with details

Click an application name to view application details in a side panel. Application preview manipulation:

icon_apply_later_defaultNext—displays the next application details in the side panel

icon_apply_sooner_defaultPrevious—displays the previous application details in the side panel

gear_iconManage content for Patch Details—manages how the side panel sections are displayed and in what order

remove_defaultClose—closes the side panel

cloud_patch_management_preview

Deploy patches


important

You can patch only selected apps.

Only apps installed for all users per computer are supported for patching. Currently, the patch management does not support patching the apps installed per user.


important

We recommend that you enable the auto-patch management via a policy.


important

You can enable operating system auto-updates and select the severity levels for applying OS updates via a policy.

ESET Endpoint Security for macOS does not currently support OS scanning and patching.

When automated patching is configured, the solution will automatically patch applications during maintenance windows.


note

Some applications may restart the computer automatically after an upgrade.


note

Some applications (for example, TeamViewer) can be licensed to a specific version. Revise your applications. To avoid an unnecessary upgrade, set Auto-patch strategy > Patch all except excluded applications while creating a policy.

Alternatively, you can deploy patches via:

Select the applications where you want to deploy patches > click the Actions button and click Update.

To patch an application on all affected devices, apply the Group by Application name view, select the application name row, click icon_more_vertical and click Update.

After you deploy patches with the Update button, a new client task Apply application patch will be created automatically in Tasks. For endpoints, the patches will be applied based on the Vulnerability & Patch Management scheduler set in Policies. For servers, the patches will be installed after a 60-second countdown with no option to postpone.

For more information, see Vulnerability & Patch Management FAQ.