You can create a deployment job to install missing patches on assets. You have three options to create the deployment job 1) from the Jobs tab 2) from the Assets tab and 3) from the Patches tab. The difference between the two options is when creating a job from the Jobs tab, you select the assets while creating the job, where as when creating job from Assets tab, you select the Assets first and then create deployment job to deploy patches on those assets. The assets are pre populated for the job when creating deployment job from the Assets tab.
Simply go to Jobs > Create Job, and click Deployment Job
Optionally, you can go to the Assets tab, select the assets on which you want to apply the patches and then go to Actions > Add to New Job.
Provide a job title, and then select assets or asset tags to apply the patches to.
Want to add assets later? Go to the Assets tab, and select one or more assets, then from the Quick Actions Menu of a single asset or from the Actions menu (bulk actions) click Add to Existing Job or click Add to New Job. You cannot add assets later to OnDemand or run-once (non recurring) jobs once they are enabled.
Note: Patches are deployed on the selected tags only for assets contained in the user's scope. When you select an asset tag, corresponding child tags get automatically selected. Select "Any" to include assets that have any of the selected tags. Select "All" to include only those assets in the patch deployment job that have ALL the selected tags.
Select "Add Exclusion Asset Tags" to exclude the assets from the deployment job that have All/ANY of the selected asset tags.
Select patches to apply to the assets. Use the patch selector link to select patches. On the Patch Selector page you can use the Within Scope option to view patches within the scope of the selected assets or view all available patches. Select the desired patches and click Add to Job and then click Close. On the Select Patches pane of the deployment job wizard, click Available Patches if you want to add more patches to the job.
Want to add patches later? Go to the Patches tab, and select one or more patches, then from the Quick Actions Menu of a single patch or from the Actions menu (bulk actions) click Add to Existing Job or click Add to New Job. You cannot add patches later to OnDemand or run-once (non recurring) jobs once they are enabled.
Note that when you modify a patch job using the Add to Existing Job option from the Patches tab, you can add patches, but cannot add target assets or asset tags. To apply patches to an asset that is not added to the job, you can 1) edit an existing job from the Jobs tab, 2) select the asset from the Assets tab and use the Add to Existing Job option, or 3) create a new patch job for that asset.
Note: You can add maximum 2000 patches to a single job. Create another job to add patches above 2000.
Choose when to install the patches, whether OnDemand or Schedule. The OnDemand option allows you to install the patches immediately once the job is created and enabled. The Schedule option allows you to install the patches at a set time. You can choose to make a scheduled job recur daily, weekly, or monthly.
Setting a patch window restricts the Cloud Agent to start the job within the specified duration (e.g., start time + 6 hrs). If the Cloud Agent could not start the job within the specified patch window, then we show "Timed Out" status for the asset on the Job Progress/Job Details page. The Job may fail to start if the asset is Offline or the Cloud Agent does not have sufficient time to download the patch after the asset comes Online. Setting no patch window allows the Cloud Agent to take the time it needs to complete the job.
Note that Jobs are marked "Completed" once the patch window duration set for the job is elapsed. We show Completed status only for OnDemand and run-once jobs. The scheduled recurring jobs are never marked Completed.
In case of scheduled jobs, you can enable opportunistic patch download from Options > Additional Job Settings to allow the Cloud Agent to download the required patches before a scheduled job run begins. This will help the Cloud Agent to deploy patches in less amount of time instead of waiting to download the patches only after a job run starts.
Once created a job is disabled by default. You must enable the job in order to run it. Simply go to Jobs, then from the Quick Actions Menu of a job, click Enable.
Tip: You can use the Disable option to temporarily disable a scheduled job. You can then re-enable the job later at your convenience. OnDemand or run-once (non recurring) jobs cannot be edited or disabled once they are enabled. Under Options > Additional Job Settings, turn on Create Job in Enabled state to enable the job immediately upon creation.
Note: Monthly jobs which are scheduled to run on the 31st of the month will be scheduled every two months (where 31st date is available). Recurring jobs (Daily, Weekly, Monthly) should be enabled three hours prior to the scheduled time otherwise next eligible schedule will be considered.
You can configure how to notify the users about the patch deployment. You can configure pre-deployment messages, deferring the patch deployment certain number of times. You can also provide progress and completion messages. You can prompt the user or suppress reboot when asset reboot is required post patch installation.
Finally, you can prompt the user or choose suppress reboot when asset reboot is required post patch installation. Choose one of these options for reboot messages:
Reboot Request - Many patches require reboot in order to take effect. When enabled, it will show a message to users indicating that a reboot is required. If no user is logged in, the reboot will start immediately after patch deployment.
You can configure this option to give the user the option to either reboot the machine immediately after the patch is deployed or defer the reboot "x" number of times so that the user can save the work and complete other tasks. Reboot will defer until 1) the user clicks OK when reboot message is shown or 2) maximum number of deferments are reached.
Reboot Countdown - Show countdown message to users after deferment limit, if set in the Reboot Request option, is reached. When reboot countdown is enabled, this gives the end user an indication of how long it will take before the system is rebooted.
We highly recommend that when you create the job, fill out both the message and description fields for these options as this will have better performance in the agent/platform acknowledging the requests. Keep the messages very brief and the descriptions as detailed as possible.
Want to uninstall patches? See Uninstall patches from assets
Note: Only the creator of a job can edit the job. A super user can change the job status (enable/disable) or delete a job, but cannot edit it.
List of Asset Statuses