Patch Management

6 min. read | Last update: 04.02.2025

Note: You can find a list of all Patch Management supported Built-Ins in the below link:

Patch Management Supported Built-Ins | ThreatLocker Help Center

Known Limitations:

  • Beta Product
  • Requires ThreatLocker Windows Agent 10.0 or greater
  • Applications that must be shut down before they can be patched require Windows Agent 10.0.2
  • Patch policy scheduling requires Windows Agent 10.0.2 or greater
  • ESR and Beta channel applications are not supported yet
  • macOS support coming soon
  • Auto-increment for policies coming soon

ThreatLocker provides a centralized location to view all managed applications and tell at a glance if any of those applications anywhere in your environment are missing updates.

Health Center - Missing Updates Tile

The ThreatLocker Health Center dashboard contains a tile titled Missing Updates. This tile shows the total number of applications in the organization along with the number of applications that are missing updates. It also shows the total number of computers in an organization and the total number of computers missing updates in the organization.

Expand the tile to view a list of all applications with missing updates.

Applications that can be patched via the ThreatLocker portal will have buttons to Patch All, Skip All, or Mark All as Resolved to quickly address issues from the Health Center.

The Patch Management module allows you to quickly patch all or some of the impacted computers with the touch of a button.

Patch Management Module

Patch policies can be set up to automatically patch applications once ThreatLocker identifies and thoroughly tests the patch, helping to streamline the patching process.

On the Application Control > Applications page, built-in applications eligible for automatic patch policies are notated by a yellow patch icon next to their names.

Applications that have missing updates will be displayed with a red "Missing Updates" label.

The ThreatLocker Patch Management team works around the clock to identify and rigorously test updates before they become available for automatic patching.

On applications that have missing updates, organizations with Patch Management enabled will also have Missing Updates and Upcoming Patches tabs on the Application sidebar.

Please Note: Applications flagged as Missing Updates before a patch policy is created will not be updated by the policy. A manual push of the "Patch Now" button will be required, and once the application is outdated again, the policy will then apply.

Missing Updates Tab

The Missing Updates tab displays a list of computers and specific file paths that need updates for the selected application.

From here, the quick action buttons allow you to patch now, skip this patch, or mark this patch as resolved.

  • Patch Now - Patch Now will send an agent action to the endpoint to apply the patch now.
  • Skip - Skip will skip this specific patch. Once the next patch is released, the application will be flagged as missing updates.
  • Mark Resolved - Mark Resolved will mark this specific patch as being applied outside of ThreatLocker. If the hash of the out-of-date version is observed again, the application will be flagged again as missing updates.

Setting Up Automatic Patching Policies

Navigate to Patch Management > Policies.

Select the New Policy button to open the New Patch Policy sidebar.

  1. Policy Name - Provide a name for the policy.
  2. Description - Input a description if desired.
  3. Policy Active - Toggle on to automatically apply patches when an outdated version is observed.
  4. Add Policy to Top / Add Policy to Bottom - Select whether this policy will apply before or after other saved policies. (Order by not implemented yet)
  5. Applies To - Select the computers and groups to which this policy will apply.
  6. Application - Select the application this policy applies to.
  7. Patch Version - Select the application version this policy will update the application to.
  8. Auto Increment Version - Toggle on to automatically update the 'Patch Version' above to the latest version when a new patch is released.
  9. No Policy Schedule / Schedule Policy - If desired, set a schedule for applying patches. Please note that if computers are offline during the scheduled patch window, the patch will be applied once the computer comes back online.
  10. Patch Delay - Set the number of days to wait before applying patches once an out-of-date application is observed, ranging from no delay up to 90 days.
  11. Create - Press Create to save the policy.

Patch Policies will be processed using the ThreatLocker policy hierarchy.
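To make the timing rules above concrete (Patch Delay, the optional schedule window, the offline-computer rule in step 9, and the note that applications flagged before a policy exists need a manual Patch Now), here is an added model of how those inputs combine into the "earliest date" shown on the Upcoming Patches page. This is illustrative code written for this article, not ThreatLocker's implementation; the weekly-window form of the schedule and the check-in timestamps are assumptions.

```python
from datetime import datetime, time, timedelta
from typing import Iterable, Optional, Set

# Constructed model (not ThreatLocker's code) of a patch policy's timing.


def earliest_apply(observed: datetime, delay_days: int,
                   schedule_weekdays: Optional[Set[int]] = None,
                   window_start: time = time(0, 0)) -> datetime:
    """Earliest moment the policy may push the patch.

    observed: when the out-of-date version was first seen on the endpoint.
    delay_days: Patch Delay, 0 (no delay) up to 90 days as the article states.
    schedule_weekdays: weekdays (Mon=0) on which the assumed weekly window
        opens at window_start; None means 'No Policy Schedule'.
    """
    if not 0 <= delay_days <= 90:
        raise ValueError("Patch Delay must be between 0 and 90 days")
    earliest = observed + timedelta(days=delay_days)
    if schedule_weekdays is None:
        return earliest
    # Advance to the first scheduled window opening at or after the delayed date.
    candidate = datetime.combine(earliest.date(), window_start)
    if candidate < earliest:
        candidate += timedelta(days=1)
    while candidate.weekday() not in schedule_weekdays:
        candidate += timedelta(days=1)
    return candidate


def actual_apply(earliest: datetime,
                 checkins: Iterable[datetime]) -> Optional[datetime]:
    """An endpoint offline during the window is patched at its first
    check-in on or after the earliest date (step 9 of the policy form)."""
    for seen in sorted(checkins):
        if seen >= earliest:
            return seen
    return None  # still offline; patch remains pending


def policy_covers(flagged_at: datetime, policy_created_at: datetime) -> bool:
    """Applications flagged as Missing Updates before the policy was created
    are not picked up by it and need a manual Patch Now."""
    return flagged_at >= policy_created_at
```

Running the model on a constructed example (out-of-date version observed Tuesday 2025-02-04 10:00, three-day delay, weekend window at 02:00) yields an earliest apply time of Saturday 2025-02-08 02:00, and a computer that only checks in again on Monday 09:00 is patched at that check-in.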

Viewing Upcoming Patches

Navigate to Patch Management > Upcoming Patches.

This page lists all Patches that have been triggered but have not yet been applied. Patches triggered using a Patch Now button will be displayed with 'No Policy' in the Policy column.

The main grid displays the Policy name (if there is one), the Application name, the version of the patch waiting to be applied, the Computer and/or user context the application will be patched under, the earliest date that a patch will be applied (according to the policy delay and schedule set in the policy), and quick action buttons.

The quick action buttons provide the ability to:

  • Patch Now - Patch Now will send an agent action to the endpoint to apply the patch now.
  • Abort the patch - Abort will cancel this patch for this computer or user profile. (This will be the only quick action button that can be applied on patches that were manually triggered.)
  • Mark as Resolved - Mark Resolved will mark this specific patch as being applied outside of ThreatLocker. If the hash of the out-of-date version is observed again, the application will be flagged again as missing updates.

Viewing Missing Updates

Navigate to Patch Management > Missing Updates.

Here, all applications with missing updates will be listed. Applications that cannot be actioned by ThreatLocker will be displayed with a Not Managed label.

  1. Press the Patch All button to instantly apply the most up-to-date update to all impacted computers.
  2. Press the Skip All button to skip this patch for the impacted computers. Until a new update is released, the included computers will not show again as missing an update for the specified application.
  3. Press the Mark All Resolved button to mark this specific patch as being applied outside of ThreatLocker. If the hash of the out-of-date version is observed again, the application will be flagged again as missing updates.

Please Note: 'Not Managed' will only show for applications that ThreatLocker has confirmed are out of date.

Computer Sidebar

Navigate to Devices > Computers.

Select a computer from the list to open the sidebar.

The Patch History tab on the computer sidebar displays a history of patches applied to that computer from the ThreatLocker portal.

Here, you will find a list of patches that are pending, completed, skipped, resolved, or aborted for the computer. The 'Date' column displays the date of the last status change (e.g. the date a patch became pending).