Understanding Patch Management
- Architecture
- Work-flow
Installation & Setup
- Scope of Management
- Windows
- Mac
- Linux
Settings
Patch Settings
Deployment
How To's
Knowledge Base
FAQ's

How to Decline Patches for Specific Systems

Key Points
Introduction: Explains common scenarios where patches must be declined only for selected systems and the risks of global patch blocking.
How Patch Manager Plus handles patch exclusion: Describes how patch exclusion allows administrators to decline patches at a system or group level without affecting the entire environment.
Quick Setup: Shows how to decline patches for specific systems using patch exclusion.

Introduction

In real world environments, not every patch can be safely applied to all systems at the same time. Certain servers, business critical devices, or systems running sensitive applications may require extended testing or temporary deferral of specific patches. Declining patches only for these systems prevents unintended impact while still allowing the same patches to be deployed to the rest of the organization.

Maintain control by preventing specific patches on selected systems with Patch Manager Plus!

Get Started

How Patch Manager Plus handles patch exclusion

Patch Manager Plus handles system specific patch decline through patch exclusion. Using this approach, patches or applications can be excluded for selected computer groups. When a patch is excluded for a group, it is not considered missing for the systems in that group and is not deployed to them, including during automated patch deployments.

This allows administrators to maintain accurate patch status and compliance views while controlling patch rollout for sensitive systems independently from the rest of the environment.

Quick Setup

Use the steps below to exclude selected patches so they are not deployed to specific systems.

Navigate to Patches → Decline Patch → Select Group & Decline Patch.
Choose the computer groups that represent the systems where these patches should not be applied.
Choose the type of exclusion based on your requirement:
- Select Patches to decline individual patches or patch families.
- Select Applications to decline all patches related to a specific application.
- Select Family to decline patches related to family of applications.
Save the exclusion to ensure the selected patches are not considered missing and are not deployed to those systems.

Once excluded, the declined patches remain available for deployment to other systems that are not part of the selected groups.

More details on patch exclusion behavior are available here: Exclude Patches and Applications.