Home » Patch Management for Closed Network

Patch Management for Closed Network

With a distributed and hybrid work culture, one untapped work culture is closed networking. Enterprise maintains a close network of resources to work with restricted access to the network. This aims at providing security, which at times requires patching. Patching, being an internet-oriented task has left IT admins in a state of madness when it comes to deployment under no internet conditions.

Check this article to know more about how to effectively patch your endpoints inside a closed network:

Table of contents

  1. Configure Proxy Settings
  2. Configure Patch Database settings
  3. Download and setup the tool
  4. Update the Patch Database
  5. Download the required patches

Configure Proxy Settings

  1. Click Admin Tab and select Proxy Settings, under Patch Settings
  2. Choose No connection to Internet.
  3. Click OK to save changes.


Configure Patch Database settings

  1. Navigate to Patch Settings -> Patch Database Settings.
  2. Under Schedule Vulnerability Database Update, disable Schedule.

This prevents the DB sync from being initiated without the necessary data in the <InstallDirectory>/conf/CRSData directory because the updatedb folder in the above-mentioned directory will get erased after a successful sync. So, the upcoming DB sync will get failed if the required folder is expunged.


Download and setup the tool

  1. Download this zip and extract it on a computer with an internet connection.
    If the computer does not have direct internet connection, open the downloadMgr.prop file available within the extracted location and provide the details of the proxy server, port and authentication details.

You have successfully configured the tool and it is ready to be used. Configuring proxy and setting up the tool are one time operations, whereas updating the Patch Database and downloading the required patches need to be done every time you wanted to deploy the latest missing patches.

Update the Patch Database

  1. Go to the machine where you have extracted the downloadMgr.prop, open a command prompt and navigate to the extracted directory.
  2. Execute the following command depending on the operating system of the machines you manage:

    • If you manage only Windows & Mac: patchsync.bat -c updatedb -b <BUILD_NUMBER>
    • If you manage all three Windows, Mac and Linux: patchsync.bat -c updatedb -i linux -b <BUILD_NUMBER>
    • - Verify that you have entered build number of the installed Endpoint Central server and it is in the correct format. For example 11.3.2400.1 or 113240001.
      - You can find the build number by clicking on your profile located in the top-right corner of the Endpoint Central console.

  3. This will update the latest patch information available at ZohoCorp. website to the local computer. The update will take some time and after completion, the necessary information will be updated in the updatedb directory.

  4. Copy the updatedb directory to the Endpoint Central Server to <Install Directory>/conf/CRSData directory.

  5. From the product's web console, click the Patch Mgmt tab and click Update Now button. This will copy the necessary information from the updatedb directory to the database. Now, the local database will have the latest patch information.

  6. Now, scan the computers in the network to identify the missing patches. 

    You will not be able to view all the missing patches, unless scanning is completed for all the computers. Ensure that all the computers are scanned, before manually downloading the missing patches.

The next step is to download the missing patches from the computer with an internet connection and copy them back to this computer.

Download the required patches

  1. You can manually download the required patches from the vendor sites and upload it to the console using Upload Patches option. To learn more on how to upload patches manually, click here.

  2. To download the patches, you would first require the details of the missing patches. To get this, go to the Missing Patches view and click Export Missing Patches button. This will export the details of the missing patches that have not been downloaded and the dependent patches which should be downloaded as downloadUrlJson.txt

  3. Copy this file to the directory in the computer where you extracted the zip.ss

  4. Open a command prompt and execute the command: patchsync.bat -c dwnpatch -f downloadUrlJson.txt

  5. This will download all the missing patches to the store directory. Once all the files are downloaded, copy the contents of the store directory and copy it to the Endpoint Central Server to <Install_Dir>/webapps/DesktopCentral/Store directory (this is the default location; if this has been changed copy it to the appropriate location)

  6. You should then update this information in the database so that all these patches are shown in the Downloaded Patches view. To do this, open the Downloaded Patches view and click Update Downloaded Patches button

  7. All the manually downloaded patches will appear in the view from where you can deploy them to the required computers.

You have successfully configured the patch management process in a closed network.