Kaseya Community

Patch Management vs Software Management

This question is not answered

Hello,

I am currently using Patch Management to handle Windows updates on all of our systems. I have noticed some vulnerabilities related to 3rd-party apps and would like to use Software Management to patch them. Will there be any conflicts in the VSA if I use both features? Is one better than the other for Windows updates?

Thank you

All Replies
  • We have a feature within software management which prohibits this behavior (it can be turned off).  Here is some detail from our documentation:

    Prevent an agent from running both Patch Management and Software Management at the same time - If checked, Software Management will not run Scan Now on an agent if that agent is configured to use any of these Patch Management features:

  • Personally, I would stay with Patch management for now. What kind of vulnerabilities are you having issues with?

  • You can use Patch Management for Windows and Software Management for third party software separately.

  • Have they fixed the issue where Software Management is completely destroying the available bandwidth on networks yet?

  • There is a reason why I said personally :p

  • No they haven't!  I created ticket 249898 and the support rep told me that I should stagger my scan.   I'm new to Kaseya, but the onboarding training said that the scan should be done during the day to capture as many machines as possible.  My professional services onboarding person said the same.  When I explained that we kick this off on wed afternoon for 400 agents, our entire 300down 20up is toast for the afternoon.  He said that he's heard that.  We aren't even doing the deployment yet.  Just the scan.  I'm still managing patching with Labtech at this point.  

  • There's also an issue with Software Management Policies - you can't merge a Scan Schedule with an Update policy - whichever applies first overrides the other.

    We use a single policy to define server scans, and around 50 policies to define the update schedule. We keep them separate so we don't have to update 50 policies when the scan schedule changes.

    This is just one of a few issues in S-M that's keeping us from using or recommending it at this time.

    Glenn