Patch Management for Windows Applications
Home > ManageEngine Endpoint Central > Patch Management for Windows Applications
Application Updates Using Endpoint Central
This page explains how to manage and deploy third-party application updates using **ManageEngine Endpoint Central**. The process includes scanning for outdated software, approving updates, and deploying patches to client systems.
Supported Applications
Endpoint Central supports a wide range of third-party applications for patching, including:
- Google Chrome
- Mozilla Firefox
- Adobe Reader
- Java Runtime Environment (JRE)
- VLC Media Player
- WinRAR
- Notepad++
- Zoom
- Microsoft Teams
- and many more...
> 📌 The full list of supported applications is available in the Endpoint Central portal under Patch Management > Supported Applications.
Prerequisites
- Endpoint Central agents must be installed on all target endpoints.
- The patch database must be updated.
- Third-party patching option should be enabled under patch settings.
- Internet access or internal repository must be available to fetch application updates.
Step 1: Enable Application Patch Management
Go to: Admin → Patch Settings → Patch Database Settings
- Ensure the following is enabled:
* Third-party Application Updates * Security and Non-Security Updates
Click Save to confirm.
Step 2: Scan Systems for Outdated Applications
Go to: Threats & Patches → Scan Systems
- Select all or specific client machines.
- Click Scan Now.
- This will detect outdated versions of installed applications.
Step 3: View Missing Application Updates
Go to: Threats & Patches → By Applications
- Here you can see which apps are outdated.
- You’ll also find version information and release notes.
Step 4: Approve and Publish Application Updates
- Select the required application update(s).
- Click on Install / Publish Patches.
- Choose a Deployment Policy (you can create one if needed).
- Select deployment time:
* Deploy anytime at the earliest * Schedule during off-hours or maintenance window
Step 5: Select Target Computers
- Select the group of computers or specific devices where the patch needs to be applied.
- Click Deploy to begin update rollout.
Monitoring Status
Track the update progress and results under:
- Threats & Patches → Deployment Status
- Reports → Patch Reports → Third-Party Application Patch Summary
Best Practices
- Enable regular scans (daily or weekly) for application updates.
- Test patches in a small group before rolling out widely.
- Monitor logs for failed installations and retry if needed.
- Create dynamic groups based on application versions.
Notes
- Not all applications support silent patching. Some might require user interaction or reboots.
- You can configure patch reboots and retry intervals in Deployment Policy Settings.
- Endpoint Central periodically syncs with its patch catalog; ensure internet or proxy access is working correctly.
Home > ManageEngine Endpoint Central > Patch Management for Windows Applications