Patch Management for Windows Applications


Application Updates Using Endpoint Central

This page explains how to manage and deploy third-party application updates using **ManageEngine Endpoint Central**. The process includes scanning for outdated software, approving updates, and deploying patches to client systems.

Supported Applications

Endpoint Central supports a wide range of third-party applications for patching, including:

  • Google Chrome
  • Mozilla Firefox
  • Adobe Reader
  • Java Runtime Environment (JRE)
  • VLC Media Player
  • WinRAR
  • Notepad++
  • Zoom
  • Microsoft Teams
  • and many more...

> 📌 The full list of supported applications is available in the Endpoint Central portal under Patch Management > Supported Applications.

Prerequisites

  • Endpoint Central agents must be installed on all target endpoints.
  • The patch database must be updated.
  • The third-party patching option must be enabled under patch settings.
  • Internet access or an internal repository must be available to fetch application updates.

Step 1: Enable Application Patch Management

Go to: Admin → Patch Settings → Patch Database Settings

  • Ensure the following are enabled:
      * Third-party Application Updates
      * Security and Non-Security Updates

Click Save to confirm.

Step 2: Scan Systems for Outdated Applications

Go to: Threats & Patches → Scan Systems

  • Select all or specific client machines.
  • Click Scan Now.
  • This will detect outdated versions of installed applications.

Step 3: View Missing Application Updates

Go to: Threats & Patches → By Applications

  • Here you can see which apps are outdated.
  • You’ll also find version information and release notes.

Step 4: Approve and Publish Application Updates

  1. Select the required application update(s).
  2. Click on Install / Publish Patches.
  3. Choose a Deployment Policy (you can create one if needed).
  4. Select deployment time:
      * Deploy anytime at the earliest
      * Schedule during off-hours or maintenance window

Step 5: Select Target Computers

  • Select the group of computers or specific devices where the patch needs to be applied.
  • Click Deploy to begin update rollout.

Monitoring Status

Track the update progress and results under:

  • Threats & Patches → Deployment Status
  • Reports → Patch Reports → Third-Party Application Patch Summary

Best Practices

  • Enable regular scans (daily or weekly) for application updates.
  • Test patches in a small group before rolling out widely.
  • Monitor logs for failed installations and retry if needed.
  • Create dynamic groups based on application versions.
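
When testing patches on a small group, it helps to confirm the result on the endpoint itself rather than relying only on the console status. The script below is an added example, not part of Endpoint Central or of the original page: it reads the Windows uninstall registry keys and compares installed versions against a baseline. The function names and the baseline versions are constructed placeholders; replace the versions with the ones you approved.

```powershell
# Added example: independent spot check of application versions on a pilot endpoint.
# Baseline entries are constructed placeholders, not values from Endpoint Central.
# Use major.minor only: [version] ranks '120.0' below '120.0.0.0'.
$Baseline = @{
    'Google Chrome'   = '120.0'
    'Mozilla Firefox' = '120.0'
    'Notepad++'       = '8.6'
}

# Machine-wide installs (64-bit and 32-bit views). Per-user installs under HKCU
# are not covered by this check.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledApplication {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Test-ApplicationBaseline {
    param([hashtable]$Minimum, [object[]]$Installed)
    foreach ($name in $Minimum.Keys) {
        $need = [version]$Minimum[$name]
        foreach ($app in ($Installed | Where-Object { $_.DisplayName -like "$name*" })) {
            $have = $null
            # Some vendors use version strings that [version] cannot parse;
            # report those instead of guessing.
            $status = if (-not [version]::TryParse($app.DisplayVersion, [ref]$have)) {
                'Unparsed'
            } elseif ($have -lt $need) { 'Outdated' } else { 'OK' }
            [pscustomobject]@{
                Application = $app.DisplayName
                Installed   = $app.DisplayVersion
                Minimum     = $Minimum[$name]
                Status      = $status
            }
        }
    }
}

Test-ApplicationBaseline -Minimum $Baseline -Installed (Get-InstalledApplication) |
    Sort-Object Status, Application | Format-Table -AutoSize
```

An application listed in the baseline that produces no row is either not installed machine-wide or registers under a different display name.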

Notes

  • Not all applications support silent patching. Some might require user interaction or reboots.
  • You can configure patch reboots and retry intervals in Deployment Policy Settings.
  • Endpoint Central periodically syncs with its patch catalog; ensure internet or proxy access is working correctly.



