In Nebula, the Patch Management module allows you to install updates on software applications such as Adobe Acrobat, Mozilla Firefox and Zoom by retrieving the latest installers from the vendors. For a full list of supported applications, see Supported Patch Management applications in Nebula.
Reboots may be required by the third-party vendor to complete the installation of updates, so it is recommended to install or schedule software updates on your endpoints during nonoperating hours.
If you have the Vulnerability Assessment module, you can monitor the endpoints' applications for vulnerabilities and update them with Patch Management.
There are four different methods to update view available third-party software:
Scheduled software updates
Create a schedule to install third-party software updates on a regular basis. This schedule installs all third-party software updates found at the time the schedule is run. Keeping your software programs updated provides you with the latest features and covers any security holes or vulnerabilities. To create a schedule:
- On the left navigation menu, go to Configure > Schedules.
- In the top right, click New.
- Enter a schedule name and choose Software updates for Type.
- Optionally, specify which supported third-party applications to update or exclude from updating.
- Configure endpoint reboot settings with the options in the table below.
- Optionally, customize a deployment message and select the duration before the third-party application automatically updates.
- On the Schedule groups tab, select target groups for the schedule.
- On the Schedule frequency tab, set the frequency, start date, and start time.
- Toggle on Run missed scans as soon as possible to allow the schedule to run if the endpoint was offline during the configured schedule time.
Note: To avoid unexpected updates after a powered-off endpoint comes online, toggle this setting off. - Click Save.
Reboot settings
| Setting | Description |
|
Don't reboot servers |
Prevent servers from rebooting after an application update. |
| Use existing reboot settings | Follow the policy reboot settings. |
| Override existing reboot settings | Override the policy and customize the reboot settings. |
| Enable pre-deployment message | Allow users to see a custom message before the update is deployed. |
| Message displayed prior to deployment | The message displayed to users if an application update requires a reboot. |
| Delay deployment | The time before the endpoint automatically reboots. |
Note: A user can continue to postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait for 1 minute for additional postponement otherwise the endpoint will reboot. If a user postpones a reboot, the Events screen shows an Audit event.
Software updates tab
Navigate to the Software updates tab to view all available software updates across your environment. To locate the Software Updates tab:
- On the left navigation menu, go to Monitor > Patch Management.
- On the top-left, click Software Updates.
To install an update:
- Select all or check specific boxes for applications on endpoints you wish to update.
- At the top-right of the Software Inventory page, click Update Software.
- In the confirmation window, click Update.
Software Inventory page
On the left navigation menu, go to Monitor > Software Inventory to navigate to the Software Inventory page. This page provides an overview of all installed software across your environment and update them.
TIP - The Software Update option is only enabled if the installed agent determines there is an update available.
To install an update:
- Filter using the Update Available column to identify software with updates available.
- Select all or check specific boxes for applications on endpoints you wish to update.
- At the top-right of the Software Inventory page, click Update Software.
- In the confirmation window, click Update.
Software update information
View the following information for each available software update:
- Application: Name of the application.
- Application version: Current application version.
- CVE count: Number of CVE's available to patch.
- Endpoint: Host name of the endpoint.
- Group: Group of the endpoint.
- Identified date: Date the software update was identified.
- Installed date: Date the software was installed.
- Vendor: Vendor of the application.
- Version available: Version of the available update.
Endpoints page
On the Endpoints page, add a new column to see how many available patches there are for each endpoint. The following column is available:
- Available patches: Shows the number of available OS patches and 3rd-party software updates. Click the value to go to the Patch Management page filtered by the selected endpoint.
Return to Malwarebytes Patch Management guide.