
Patch Database Settings

The Patch Database (also known as Vulnerability Database) serves as a centralized storage repository within the ManageEngine website, containing all relevant data and information regarding patches and vulnerabilities released by various vendors. This database is periodically updated and maintained through rigorous analysis and testing by ManageEngine.

Endpoint Central's Patch Repository is updated with the latest patch information from Microsoft, Apple, Linux, and other third-party vendors, as well as from other vulnerability databases. Regular synchronization between the Patch DB and the Endpoint Central Patch Repository ensures that every patch remains up to date as the vulnerabilities in the managed systems are swiftly detected and remediated. You can configure the Patch Database Settings to choose which patches the product manages and to set the frequency at which the patch database synchronizes with Endpoint Central's Patch Repository. To access Patch Database Settings, go to Threats and Patches -> Settings -> Patch Database Settings.

Selection of Patches

With patches released daily, it's crucial for enterprises to evaluate and select the patches necessary for their networks. Endpoint Central lets IT administrators configure preferences to download and apply patches for operating systems or third-party software. In Patch Database Settings, under the section Select the patches that you wish to manage, you can select specific patches for each provided OS, ensuring efficient patch management.

Endpoint Central receives updates from the patch repository regardless of the selected patch types. After the Patch Database sync completes, computers are scanned, and only missing patches from the selected categories are listed. Excluded patches won't be shown as missing. You can also use the Decline Patch feature if needed.

This enables targeted patch management. For instance, you might choose to install only patches related to the Mac operating system and specific third-party patches for Windows, excluding Windows BIOS updates. Scans will focus on identifying missing patches in these selected categories. As a result, patches like BIOS updates won't be listed as missing (even if they are missing in the managed computers), since you haven't configured the Patch Database Settings to include them.

Superseded Patch Settings (Windows Only)

A patch may become obsolete if the vendor releases a newer patch or update that supersedes it. You have the option to either enable or ignore superseded patches. If enabled, the older patches and newer patches will appear as 2 separate patches. Enable Superseded Patches under Superseded Patches Settings if your organization requires superseded or older patches to be included.

Schedule the Sync

Note: Scheduling the sync is not applicable to cloud users, and the option does not appear in the product. For cloud setups, the patch database sync happens automatically, exclusively on weekdays, once every 8 hours, ensuring a seamless and efficient update process while maintaining optimal system performance.

You can schedule the time at which the vulnerability database information is updated. Enable Schedule Vulnerability Database Update and fill in the required fields to activate the patch database sync. Setting the time in the Start at field makes the patch sync run at that time every day.

You can also get notified about the synchronization by configuring the notification server settings and providing your Email Address for Notification in the corresponding field. If you wish to receive mobile app notifications, install the mobile application version of Endpoint Central and configure the changes here. For cloud versions, the notification settings are displayed as a separate section, Configure Notification Settings, under Patch Database Settings. You can also allow the server to regulate the Patch DB sync on critical instances by initiating or deferring the sync. To allow this, enable Regulate DB Sync. To learn more about Regulate DB Sync, refer to this page.

After configuring the required settings, click on Save. The Patch scan will be initiated in the next agent refresh cycle after Vulnerability Database sync is successful.