The VSA 10 Web App's Patch Management Module offers the capability to create Policies to update the OS as well as 3rd party applications.

To start using OS Patch Management the User will first need to create a policy. The User can create a Policy from the Patch Management -> Policies screen by clicking on the “Create Policy” button.

In the General Tab, the Policy Name, Description, Settings and Run Schedule are captured.

The Settings include -

(1) Create Restore Point before installing updates - to ensure there is a back-up, in case of any issues. This option is available for Workstations only.

(2) Reboot the machine if required - after installation or updating

(3) Notify the logged-in Users 5 minutes before reboot - to ensure all work is saved

(4) Randomize update interval - this setting prevents all systems from updating at the same time. It divides systems into multiple sets and begins patching for each set at a different point in time - all within a 30 minute duration

(5) Start patching as soon as possible if the scheduled execution was missed - to ensure systems are patched at the next available time, in case they were offline at the scheduled patching time

The Patch Policy Scheduling is very flexible in VSA 10 - you can schedule policies to run daily or weekly or monthly or at any other customized frequency of your choice. You also need to specify the first day of execution of the Policy. Please note that the scheduled date and time represents the local system date and time.

You can also choose to create an additional dedicated schedule specifically for 3rd party patch management. This means that, the patch policy will be executed for 3rd party applications during additional schedule OVER AND ABOVE the regular schedule specified above.

The "Additional dedicated schedule" is NOT the frequency of the 3rd party patch installation - it happens over and above the overall schedule.
​
For example, say the overall schedule is "Every week on Fridays" i.e. the OS Patch and 3rd Party Patches are scheduled to install once a week. Now say the Customer wants the 3rd party patches alone to not just once but thrice a week - i.e. two more times in addition to the regular schedule.
​
In this case, the Customer would use the "Additional dedicated schedule" feature to schedule 3rd party installation "Every week on Mondays and Wednesdays".
​
Therefore, now, the 3rd party patches will install thrice a week - Mondays, Wednesdays and Fridays. The OS patches will install only on Fridays.

(B) OS Rules Tab

In the "OS Rules" tab, you can set-up the Rules for OS Updates by clicking on the "Add Rule" button.

Through these Rules, the RMM can be told whether to (1) Approve and Install or (2) Don't Install or (3) Don't Install and Hide the update based on the (1) Severity (2) Name (3) Description of the Update.

Any number of OS Update Rules can be added.

Important: Rules are evaluated in the top-down order - i.e. the system checks the rules from the top and when a rule is matches the update, the evaluation will stop and that rule's action will apply. As the order of the rules is thus significant, you can use the “Move Up”, “Move Down”, “Move Last” or “Move First” action buttons to change the rules' sequence.

Note

Kindly note that, like any other RMM vendor, VSA 10 cannot block Windows updates when they are forced by Microsoft. This is because Windows updates are specifically designed by Microsoft to take precedence over any and all other preferences.
​
VSA 10 does has the “Don’t Install” option in the OS patch policies – but this is effective only (1) Within the limited duration of time (between release of the update and forcing of the update) when Microsoft still keeps the update optional and (2) On specific versions of Windows where all updates are optional.
​
VSA 10 does not endorse using any scripts to block the updates, as this has been known to cause damage to Systems. Again, this has been intended by Microsoft to ensure that Systems are unable to resist Windows updates.
​
We can provide scripts to uninstall Windows updates, but then again when Windows forces the updates again (as it is programmed to), the updates will be re-installed. So uninstallation and re-installation will happen cyclically based on Microsoft’s frequency of forcing updates.
​
At the moment, the only way to control Windows updates is by using Windows Server Update Services (WSUS), which requires manual approval before installing each update.

​

The third tab of the Policy will give the option to configure 3rd Party Patch management rules.

Once this tab is selected, a list of all 3rd party applications natively supported by VSA 10 are seen. You can select any of the 4 update-related actions for each application - Install and keep up to date or Keep up to date or Uninstall or Do nothing.

Finally, the User needs to Create / Save the policy by clicking on the corresponding button at the bottom.

Once the User clicks on the "Actions" button of the corresponding Policy, the options to (1) View the Policy (2) Run the Policy immediately (3) Edit the Policy (4) Clone the Policy and (5) Delete show up.

The created Policy can be assigned in the "Patch Management > Agent Status" section of the Web App.

You can use the filters at the top of the screen to search or specific systems / scopes / groups / tags.

To assign a policy to a system, select the button to the right of that System and choose the corresponding Policy from the resulting drop-down.

Once the policy is applied the status of the machine will be changed to Active.

You can also assign Patch Policies directly to Organizations / Sites / Agent Groups in the "Server Admin > Configurations" section.

The history section will show you detailed information about previously executed patches.

And if you will select this entry, then you will see more details about it.

The 3rd Party Patch management trial for existing customers can be started from the VSA 10 WebApp -> Patch Management -> License tab. The User needs to click on the "Activate Trial" option to gain access.

Note: It might take a few minutes to activate this trial and then you will see it as active and this option will appear in the billing section.

​