Patch Scan

• 4 min to read •

Syxsense software scans devices for the need for specific patches for both operating systems and third-party software and checks if devices have superseding or newer patches.

It also assesses your device's health based on the CVSS score associated with each missing patch for both OS and third-party apps so that you can prioritize patching relatively to your exposed risk. Patch details are represented in the Patch Summary.

Important Information

It's always recommended to scan for 'All Patches', rather than leave detection gaps.

Patch scans can take 2-5 minutes or longer to complete, we recommend scanning all devices every day.

The information about the patch is provided from the vendor except for the CVSS score which is an independent severity scoring system.

The Device Status Breakdown area includes dynamic functions to allow you to scan or deploy these patches easily.

Prerequisites

Discovery task and Patch Manager permissions

An online device

Video Tutorial: How to Create Weekly Patch Scan

Guided walk-through: How to Scan all Devices for all Patches

Troubleshooting

Next Step: Update Your System Components to Solve Security Issues

Last Update: July, 2024

❶	Create: From the Tasks menu click > Click 'Patch Scan'Drop-down Title
❷	Where: Select which devices to scan using either Predefined Device Queries, User Defined Device Queries, Device Groups, Specific Devices & Active Directory Targets, or All Devices > Click 'Next'. Although groups and queries can be used, we recommend scanning every device.
❸	What: Select the patches you wish to scan for using either Predefined Patch Queries, Custom Patch Queries, Patch Group, Specific Patches, or All Patches > Click 'Next'. Although groups and queries can be used, we recommend scanning for everything.
❹	When: Select when you would like your scan to run > Click 'Next'. You may configure a Maintenance Windows during which the scan will be completed, a repeat interval such as 'repeat every Monday' for unsuccessful devices, and the Protect option to ensure the task is not running during important business hours. It's strongly recommended to create a recurring Patch Scan Task with Maintenance Windows. The recommendation is to scan all devices on a perpetual basis; the maintenance window provides this level of recurrence with a set task duration.
❺	Summary: Review the settings of the task and if configured correctly, click 'Run Now' to save and run the task.

Issue/Result Statement	Reason/Resolution
'Not Connected'	The device has a MicroAgent already installed, and it is not responding. The device is offline/not connected to the network.
'Partial success'	The device started the Patch Scan and completed a scan of some of the updates; however, the device could not complete the task.
'Target device disconnected'	The device started the Patch Scan but disconnected at any point in the task. Typically shown if target device disconnected before any updates were scanned.
'Lost Connection'	The device started the Patch Scan but disconnected at any point in the task. Typically shown if the target device disconnected before any updates were scanned.
'Not enough free disk space'	The device does not have enough disk space to download the content. Ensure target device has enough disk space and re-attempt deployment task.
'Thread Being Aborted' or any other 'ErrorCode'	The device likely has existing security software that does not trust Syxsense. 3rd party software must be populated with exclusions to trust this solution.