What is Patch Management?

Patch management is the process of acquiring, testing and installing multiple patches (code changes) on existing applications and software tools on a computer. It keeps systems up to date on existing patches and determines which patches are the appropriate ones, which makes managing patches easy and simple.

Patch Management is mostly done by software companies as part of their internal efforts to fix problems with the different versions of software programs and also to help analyze existing software programs and detect any potential lack of security features or other upgrades.

Software patches fix problems that are noticed only after the software's initial release. Most patches concern security, though some address the specific functionality of programs as well.

The way patches are delivered and applied has changed drastically over the years. Earlier, in the days of traditional fee-licensed software delivery, patches were delivered on external media as stand-alone code modules, which would then be added to an already installed software program. Today, in the age of web-delivered systems and cloud-hosting models, patches can be applied to software programs over the global IP network; they no longer have to be sent on external media. This is the age of automatic addition of software patches and upgrades.

Patch management software scans systems to find out whether further patches are needed, helping companies ensure that the software programs they use have everything needed for full-fledged functioning.


Implement Patch Management with these 8 Easy Steps:

Security and Patch Information Sources

In general, IT administrators know which security issues and software updates are relevant to their environment. To support you, Comodo's industry-leading Patch Management Operation Team monitors sources of intelligence from:

  • Microsoft
  • Microsoft Security Bulletin
  • Application vendors
  • Common Vulnerabilities and Exposures (CVE) system
  • Automated crawler systems
  • And more

100% free, and No payment information required

Automatic System Discovery

Comodo ONE performs automatic discovery of Windows systems (using Active Directory) and Linux systems to deliver intelligence that gives you a real-time view of your network:

  • Runs and collects the discovery over all managed endpoints
  • Scans networks for installed and missing security patches
  • Detects vulnerabilities

Prioritization and Scheduling

Built-in categorization allows you to prioritize your patch deployments based on details like severity, vendor or type.

Critical patches and security patches can be automated and scheduled to run daily right out of the box, whereas all other patches can be scheduled for the regular periodic maintenance window.

Change Management

The Comodo ONE™ Platform enables you to track all changes made through your endpoint patch policies and the latest status of your network. Administrators can generate reports to track applied and missing patches, and check the patch procedure details to see successful operations as well as any failed deployment attempts.

Installation and Deployment

Patches are deployed based on the delta between the endpoint and the latest patch intelligence gathered. When configured on-demand or by policy, the agent applies the relevant updates and patches to create an efficient and fast process. The status of the deployment is then updated in real time in Comodo ONE.

The installation process can be scheduled or triggered on-demand based on an existing procedure or on selected patches and devices, such as:

  • Automated patch deployment
  • Schedule by time, computer, group or user-defined collections of computers
  • Simultaneously deploy all required patches across machines
  • Combine your rollout strategy and policy enforcement in one tool
  • Maximize uptime by controlling schedules and reboot scenarios

Audit and Assessment

Every application can be tracked and patched across your network in real time, which provides:

  • Visibility into the global patch inventory, with every applicable device and its relevant status (e.g. already deployed, in deployment or missing)
  • Research automation freeing you from the cumbersome process
  • Identification of which patches are installed and when
  • Sophisticated reports about status and the general assessment of your network

Consistency and Compliance

The Comodo ONE Platform enables you to stay compliant across your entire network:

  • Schedule the deployment of your patches on any configuration you prefer and Comodo ONE will deliver them precisely on schedule
  • Maintains consistency and compliance across all your devices and software
  • Monitors and maintains patch compliance for the entire enterprise


Patches can be deployed out-of-the-box or a workflow can be applied to validate them before auto installation. You can run tests on desired systems first in order to approve either single or bulk patches. Once satisfied you can mark them as approved or unapproved.

Your automation policies can deploy all patches matching the criteria you defined or only the approved patches matching the criteria you defined per policy.

Although Comodo does extensive and deep testing, we also empower our users to perform their own tests.
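
The workflow described in the steps above (computing the delta against patch intelligence, scheduling by severity, and restricting a policy to approved patches) can be sketched as follows. This is an added example, not Comodo ONE code: the `Patch` type, the function names, the `held` bucket and the patch IDs are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Patch:
    patch_id: str       # placeholder IDs, not real patch identifiers
    vendor: str
    severity: str       # "critical", "important", "moderate", "low"
    is_security: bool

SEVERITY_RANK = {"critical": 0, "important": 1, "moderate": 2, "low": 3}

# Constructed sample of "latest patch intelligence".
CATALOG = [
    Patch("PATCH-0001", "VendorA", "critical", True),
    Patch("PATCH-0002", "VendorA", "moderate", False),
    Patch("PATCH-0003", "VendorB", "important", True),
    Patch("PATCH-0004", "VendorB", "low", False),
]

def missing_patches(catalog, installed_ids):
    """Delta between the patch catalog and what the endpoint reports as installed."""
    return [p for p in catalog if p.patch_id not in installed_ids]

def plan_deployment(catalog, installed_ids, approved_ids=None):
    """Split an endpoint's missing patches into deployment buckets.

    approved_ids=None models a policy that deploys every matching patch;
    a set models a policy limited to patches an administrator approved
    after testing. Unapproved patches are reported as 'held', not dropped,
    so they stay visible in audit reports.
    """
    plan = {"daily": [], "maintenance_window": [], "held": []}
    delta = sorted(missing_patches(catalog, installed_ids),
                   key=lambda p: (SEVERITY_RANK[p.severity], p.patch_id))
    for p in delta:
        if approved_ids is not None and p.patch_id not in approved_ids:
            plan["held"].append(p.patch_id)
        elif p.severity == "critical" or p.is_security:
            plan["daily"].append(p.patch_id)            # critical/security: daily run
        else:
            plan["maintenance_window"].append(p.patch_id)
    return plan

if __name__ == "__main__":
    print(plan_deployment(CATALOG, {"PATCH-0002"}))
    print(plan_deployment(CATALOG, {"PATCH-0002"}, approved_ids={"PATCH-0001"}))
```

Keeping unapproved patches in a separate bucket means a missing critical patch that is waiting on approval still shows up in the status report instead of silently disappearing from the plan.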

Patch Management FAQ

Answers to frequently-asked questions about Comodo ONE Patch Management

A comprehensive Comodo Patch Management Module Admin Guide can be found here.
Currently, uninstalling patches from an endpoint is not available in the Patch Management module.
Yes. For a list of supported third-party applications, see here.
See here for a guide on removing selected endpoints from Patch Management.
The Patch Management Server is a Comodo Server that is maintained by Comodo.

Our Promise to you:
We will Patch everything you have, automatically! and for FREE.
