Oct 7th, 2024 - We have intentionally removed Microsoft Teams from the patching process. This decision was made because the upgrade has proven to be unreliable with the offline patch installers, which has caused issues with the update. Once we have this sorted out, we will make these applications available again.
May 21st, 2024 - ConnectSecure has ceased application patching support for Microsoft Edge in our patching process. Due to many reported issues of Edge crashing after upgrades, we have decided to discontinue support for patching this application. ConnectSecure will still identify vulnerabilities.
Patch Management works only with lightweight agents and is found only at the company level.
Consider adding in ‘connectsecurepatch.exe’ if you plan to use the Patch Management feature included with the ConnectSecure agent.
Our patch agent retrieves the necessary packages from the official website, so the remote asset we patch must have access to download these packages.
Additionally, the patch agent initiates OS patching by triggering the Windows Update Manager to apply the respective security updates listed in the portal. We can also control whether the system can be rebooted after successful patching.
Check out our Patch Management Guide
Patch Management functions work for patches of Application (3rd Party) and OS (Operating System).
When using the ConnectSecure Patch engine to update the application, we perform a thorough verification process before deploying any patches or updates. This includes checking the file hashes to ensure the integrity and authenticity of the downloaded files.
Patch Management - Table of Contents
Patch Management - Overview
Check out our Patch Management Guide
ConnectSecure Patch Management allows you to install 3rd party software and operating system-level patches in two ways.
Manually from the Patch Management screen.
Automatically based on the Patch Scheduler configuration.
Lightweight Agent is required for patching; Probe agent patching is a work in progress.
Access Roles
The list of Access roles to be provided for Patch Management.
To patch an application, please ensure that ADMIN or ASSETWRITER roles are assigned.
Roles | Patch Management |
---|---|
ADMIN | Yes |
PIIVIEWER | No |
PIIWRITER | No |
APPROVER | No |
ASSETVIEWER | No |
ASSETWRITER | Yes |
VULNERABILITYVIEWER | No |
VULNERABILITYWRITER | No |
COMPLIANCEVIEWER | No |
COMPLIANCEWRITER | No |
ACTIVEDIRECTORYVIEWER | No |
ACTIVEDIRECTORYWRITER | No |
The patch management module has three main sections: Application Patching, OS Patching, and Patch Jobs.
Patch Management - Details
Tap below to download the full application patching list in Excel format.
Application Patching
To view the list of software that needs to be patched, please check the table and review the details provided.
Field | Description |
---|---|
Software Name | Displays the name of the software that requires patching |
Software Version | Displays the version number of the software |
Fix Version | Displays a hyperlink to the recommended fix |
Affected OS | Displays the affected operating system name |
Assets | Displays a hyperlink to the count of assets affected |
Action | The three-dot action menu provides a manual ‘Patch’ button |
Manual Application Patching
Tap the three-dot Action menu to apply an available application patch, then choose Patch Now or Patch Later option.
Patch Later option lets you set a later date and time to patch
Otherwise, Patch Now will run the selected patch and asset(s) immediately.
3rd Party - Application Patching does not reboot machines; there is no option to do this.
Automatic Application Patching
See the Patch Scheduler found at the Company or Global level.
OS Patching
To view the list of OS patches that need to be installed, please check the table and review the details provided.
Manual OS Patching
Tap on the OS Patching tab, then use the three-dot Action menu to select Patch on any available records.
You will be prompted to select the patch installation's machine(s) and reboot settings.
ConnectSecure is passing the flag for reboot to the Microsoft Update Manager, so Microsoft will show prompts for the force to reboot.
Automatic OS Patching
See the Patch Scheduler found at the Company or Global level.
Patch Jobs
For Agent Offline assets, the job will be picked up once the agent comes online within 24 hours.
(Agent will monitor the agent status for 24 hours, if agent comes online it will pick up the patch job.
This behavior will be seen for manual and scheduled patching jobs.
If the agent is still offline after 24 hours, the job will state as failed.
We have added additional information when a patch is failing. We now display download URL and Request Time in error log, when patch fails because of download restriction. This will help you troubleshoot the reason for patch failure and also open/whitelist any URL's required.
We have a local patch log file on the remote agent machine located here:
C:\Program Files (x86)\CyberCNSAgent\logs\cyberpatch.log
View the patch job details and sort on the columns.
Tap on the Created or Updated date fields to see additional patch job details, including the Asset Name, Status, From Version, and To Version values.
Patch Job Failures
If you see FAILED under the Job Status for patching, tap on the Created date and time column to view additional details that can help with resolution.
Please send any issues to our Support Team if you need help by emailing support@connectsecure.com
Patch Management - Action Toolbar Overview
The standard Alerts menu is available from the side navigation toolbar.
Patch Management - Action Toolbar Actions
Alerts
Tap to view the System Events timeline-style alerts.
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
https://cybercns.freshdesk.com/en/support/login