Patch Management Definition

Patch management is the process of acquiring, testing and installing patches (code changes) on the existing applications and software tools on a computer, keeping systems up to date with released patches and determining which patches are appropriate for them. Managing patches thus becomes easy and simple.

Patch Management is mostly done by software companies as part of their internal efforts to fix problems with the different versions of software programs and also to help analyze existing software programs and detect any potential lack of security features or other upgrades.

Patch Management

Software patches fix problems that are noticed only after the software's initial release. Most patches concern security, while some concern the specific functionality of programs.

The way patches are delivered and applied has undergone a drastic change over the course of years. Earlier, during the days of the traditional fee-licensing software delivery, patches were delivered on external media as stand-alone code modules which would then be added to an already installed software program. But today, in the age of web-delivered systems and cloud-hosting models, it's all different. Patches today can be applied to software programs over the global IP network; they no longer have to be sent on external media. This is the age of automatic addition of software patches and upgrades.

Patch management software scans systems to find out whether further patches are needed, helping companies ensure that the software programs they use have everything needed to function fully.

Implement Patch Management with these 8 Easy Steps:

  • Security and Patch Information Sources
  • Automatic System Discovery
  • Prioritization and Scheduling
  • Testing
  • Change Management
  • Installation and Deployment
  • Audit & Assessment
  • Consistency and Compliance

Security and Patch Information Sources

In general, IT administrators know which security issues and software updates are relevant to their environment. To support you, Comodo's industry-leading Patch Management Operation Team monitors sources of intelligence from:

Automatic System Discovery (Coming Soon)

Comodo ONE performs automatic discovery of Windows systems (using Active Directory) and Linux systems to deliver intelligence that gives you a real-time view of your network:

Prioritization and Scheduling

In-built categorization allows you to prioritize your patch deployments based on details like severity, vendor or type.

Critical patches and security patches can be automated and scheduled to run daily right out of the box, whereas all other patches can be scheduled for the regular periodic maintenance window.


Testing

Patches can be deployed out of the box, or a workflow can be applied to validate them before automatic installation. You can run tests on desired systems first in order to approve either single or bulk patches. Once satisfied, you can mark them as approved or unapproved.

Your automation policies can deploy all patches matching the criteria you defined or only the approved patches matching the criteria you defined per policy.

Although Comodo does extensive and deep testing, we also empower our users to perform their own tests.

Change Management (Coming Soon)

Comodo ONE Platform enables you to track all changes done through your endpoint patch policies and the latest status of your network. Administrators can generate reports to track the applied patches as well as the missing patches and check the patch procedure details to see the successful operations as well as any failed deployment attempts.

Installation and Deployment

Patches are deployed based on the delta between the endpoint and the latest patch intelligence gathered. When configured on-demand or by policy, the agent applies the relevant updates and patches to create an efficient and fast process. The status of deployment is then updated in real time in Comodo ONE.
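The selection logic described in the prioritization, testing and deployment sections above, as an added example (not Comodo ONE code or its API): the `Patch` and `Policy` types, their field names, the `held` bucket and the sample catalog are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    patch_id: str   # constructed ID, not a real KB or CVE number
    vendor: str
    severity: str   # "critical", "important", "moderate" or "low"
    kind: str       # "security" or "other"
    approved: bool  # set by an administrator after testing

@dataclass(frozen=True)
class Policy:
    severities: frozenset
    vendors: frozenset   # empty set means any vendor
    approved_only: bool

def in_scope(policy, patch):
    """True when the patch meets the policy's severity/vendor criteria."""
    vendor_ok = not policy.vendors or patch.vendor in policy.vendors
    return patch.severity in policy.severities and vendor_ok

def window(patch):
    """Critical and security patches run daily; the rest wait for maintenance."""
    urgent = patch.severity == "critical" or patch.kind == "security"
    return "daily" if urgent else "maintenance"

def plan(catalog, installed_ids, policy):
    """Build a deployment plan from the delta between catalog and endpoint."""
    result = {"daily": [], "maintenance": [], "held": []}
    for patch in catalog:
        if patch.patch_id in installed_ids or not in_scope(policy, patch):
            continue
        if policy.approved_only and not patch.approved:
            result["held"].append(patch.patch_id)  # awaiting test sign-off
        else:
            result[window(patch)].append(patch.patch_id)
    return result

# Constructed sample data (hypothetical vendors and patch IDs).
CATALOG = [
    Patch("P-001", "VendorA", "critical", "security", True),
    Patch("P-002", "VendorA", "critical", "security", False),
    Patch("P-003", "VendorB", "moderate", "other", True),
    Patch("P-004", "VendorB", "low", "other", True),
    Patch("P-005", "VendorA", "important", "security", True),
]
INSTALLED = {"P-005"}
STRICT = Policy(frozenset({"critical", "important", "moderate"}), frozenset(), True)
OPEN = Policy(STRICT.severities, STRICT.vendors, False)
print(plan(CATALOG, INSTALLED, STRICT))
```

With the approved-only policy, the unapproved critical patch lands in `held` rather than being silently skipped, which gives the audit step a list of in-scope patches still waiting on testing.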

The installation process can be scheduled or triggered on-demand based on existing procedure or selected patches and devices such as:

Audit and Assessment

Every single application can be tracked and patched over your network in real-time and it provides:

Consistency and Compliance

Comodo ONE Platform enables you to stay compliant across your entire network.

Patch Management FAQ

Answers to frequently-asked questions about Comodo ONE Patch Management

A comprehensive Comodo Patch Management Module Admin Guide can be found here.
Currently, uninstalling patches from an endpoint is not available in the Patch Management module.
Yes. For a list of supported third-party applications, see here.
See here for a guide on removing selected endpoints from Patch Management.
The Patch Management Server is a Comodo Server that is maintained by Comodo.
Our Promise to you: We will Patch everything you have, automatically! and for FREE.

The Ins and Outs of Patch Management using Comodo ITSM