Save 20% on select AVG Business products


Patch Management for Windows

Identify and automate software update patches, ensuring your applications are always up to date.


30-day money-back guarantee

UI Notebook What is Patch Management?

What is Patch Management?

Patches are software and operating system updates that address security vulnerabilities within an application. Software vendors constantly release patches to fix vulnerabilities and provide enhanced security features. Patching can be complex and time consuming, but ignoring software updates isn’t an option.

If patches are not installed in a timely manner, networks can be severely compromised. Patch Management solves these issues by making it easy to identify and deploy critical patches, and monitor ongoing activity from a central cloud management console.

UI Notebook What is Patch Management?

How It Works

1. Scan devices

1. Scan devices

Schedule automatic patch scans. Select from daily, weekly or monthly options.

2. Deploy patches

2. Deploy patches

Patches will be deployed automatically for all software applications. You can easily exclude any application that you don’t want patched.

3. Review dashboard

3. Review dashboard

Easily see the status of all your patches, including missing patches and severity level.

Powerful features to keep your applications protected

Flexible deployment schedules
Flexible deployment schedules

Schedule and deploy approved patches at desired times or manually deploy to groups or individual devices.

Customizable patches
Customizable patches

Choose software vendors, products, and the severity of patches to scan and install. Easily create exclusions for applications.

Master agent capabilities
Master agent capabilities

Download all missing patches to a master agent that seamlessly distributes patches to all managed devices in the network.

Automatic scans
Automatic scans

Schedule patch scans to run automatically every 24 hours and set patches to deploy automatically every Thursday. These default settings can be customized at any time.

Intuitive dashboard
Intuitive dashboard

Manage all software patches and view graphical summaries of installed, missing, or failed patches from any device.

Thousands of patches
Thousands of patches

Deploy patches for Windows Operating Systems and thousands of other third-party software applications for comprehensive protection.

Patch scan results
Patch scan results

View detailed results from a single platform that includes information on missing patches, severity levels, knowledge base links, release dates, descriptions, and more.

Rollback and ignore
Rollback and ignore

Simply rollback patches if they are unstable from individual devices or ignore so they don’t show in patch results or get redeployed.

Download Data Sheet


30-day money-back guarantee

Get Patch in our Cloud Management Console

Manage your AVG endpoint protection solutions from one central platform. Patch Management can only be managed from the console. Learn more about the Management Console

100% Money-Back Guarantee icon, green

Money-Back Guarantee

Buy without risk! If you're not satisfied in the first 30 days, we'll refund your money. Learn more

Boxshot AntiVirus Business edition no shadow

Frequently Asked Questions

Should I turn off Windows Update before using Patch Management?

Yes, it is highly recommended that you change Windows Update settings for your devices via the Windows Update Center and/or Group Policy so Patch Management can provide updates.

The Windows Update service must not be disabled; rather, it should be set to either Manual or Automatic to successfully deploy patches. In addition, the Windows Update setting on each target machine (Control Panel > System and Security > Windows Update > Change settings) should be set to Never check for updates.

How do I set up a patch schedule for groups and/or devices?

You can set your patch schedule in Device Settings > Policy > Patch Management > Step 2. All devices or groups under the Patch Management policy will follow the schedule you set.

What is the difference between the Patches page and the Devices page?

The Patches page provides an overview of all missing patches for all devices connected to your console. The Devices page provides a list of your devices and the Device Patch Results tab identifies missing patches for that particular device.

How do I see the patch status for all my managed devices?

You will see detailed information on the severity of missing or installed patches with vendors, and on software applications.

Where can I see how many devices are licensed for patch?

You will be able to see how many devices are licensed for patch under the ‘Subscriptions’ section in the console.

Why are my Mac OS X devices not being patched?

We are planning to support Patch Management for Mac OS X devices at a later time.

Why are some devices not patched even after the patches have been deployed?

Could be due to the following reasons:

  • 1. The patch is currently being installed on those devices and will sync back with the console after the patch has been successfully installed.
  • 2. The patch could have failed to install and will be scheduled for a reinstall based on your patch deployment schedule.
  • 3. The device is offline.

Where can I modify the patch schedule and add exclusions?

You can modify the patch deployment schedule and exclude vendors and applications by going to Device Settings > Select Policy > Patch Management tab.

Can I patch all my devices in a single action?

Yes, you can manually deploy patches to individual devices and groups of devices in one action.

What statuses do patches have?

Patches will be in one of the following states.

  • Scheduled: Grey Icon - Patch approved and scheduled to be deployed to device/s
  • Deployed: Green Icon - Patch successfully deployed to device/s
  • Failed to deploy: Red Icon - Failed to deploy patch/es to device/s
  • Missing: Yellow Icon - Patch is missing from device/s
  • Waiting to scan: Grey Icon - Waiting to run patch scan on device
  • Failed to scan: Red Icon - Failed to run patch scan on device

How long does it take to patch a device?

It could take from a few seconds to hours. The time depends on the size of the patch that is being downloaded to the device, the software application it is updating, and the hardware of the device.

Will my device that is set as the Master Agent download patches and deploy to my devices?

Yes, the device you have selected as the Master Agent will be used to store the software application patches and will distribute them to devices on the network so as to save bandwidth. If you do not have a Master Agent selected, devices will download the software application patch directly from the internet (not recommended).

Chrome browser logo

AVG recommends using
the FREE Chrome™ internet browser.

Skip to content Skip to menu