Known Limitations:
- Beta Product
- Requires ThreatLocker Windows Agent 10.0 or greater
- macOS support coming soon
- Policy order not yet implemented
- Health Center not properly calculating the total computers and applications in an organization
ThreatLocker Patch Management provides a centralized location to view all managed applications and tell at a glance if any of those applications anywhere in your environment are missing updates. Once applications missing updates are located, you can quickly patch all or some of the impacted computers with the touch of a button.
To further streamline the process, policies can be set up to automatically patch applications once ThreatLocker identifies them running in an unpatched state.
Built-in applications that are eligible for automatic patch policies are indicated by a yellow patch icon next to the application name on the Application Control > Applications page.
Applications that have missing updates will be displayed with a red "Missing Updates" label.
The ThreatLocker Patch Management team works around the clock to identify and rigorously test updates before they become available for automatic patching.
Setting Up Automatic Patching Policies
Navigate to Patch Management > Policies.
Select the New Policy button to open the New Patch Policy sidebar.
- Policy Name - Provide a name for the policy.
- Description - Input a description if desired.
- Policy Active - Toggle on to automatically apply patches when an outdated version is observed.
- Add Policy to Top / Add Policy to Bottom - Select whether this policy will apply before or after other saved policies. (Policy ordering is not yet implemented.)
- Applies To - Select the computers and groups to which this policy will apply.
- Notify the end user when a computer restart is required - Toggle on to present the end user with a popup notification when a computer restart is required to complete an update. Toggle off to apply patches silently and not notify the end user that a restart is required.
- Application - Select the application this policy applies to.
- Patch Version - Select the application version this policy will update the application to.
- Auto Increment Version - Toggle on to automatically update the 'Patch Version' above to the latest version when a new patch is released.
- No Policy Schedule / Schedule Policy - If desired, set a schedule for applying patches. Please note that if computers are offline during the scheduled patch window, the patch will be applied once the computer comes back online.
- Patch Delay - Set the number of days to wait before applying patches once an out-of-date application is observed, ranging from no delay up to 90 days.
- Save - Press Save to save the policy.
Patch Policies will be processed using the ThreatLocker policy hierarchy. (Not implemented yet)
Viewing Upcoming Patches
Navigate to Patch Management > Upcoming Patches.
This page lists all Patch policies that have been triggered but are waiting to be applied after the specified delay period has passed.
Policies can be aborted from the main grid.
Select the blue Policy name on the main grid to open that policy's sidebar.
Viewing Missing Updates
Navigate to Patch Management > Missing Updates.
Here, all applications with missing updates will be listed.
- Press the Patch All button to instantly apply the most up-to-date update to all impacted computers.
- Press the Skip All button to skip this patch for the impacted computers. Until a new update is released, the included computers will not show again as missing an update for the specified application.
Select the blue Application name on the main grid to open the application sidebar on the Missing Updates tab, which lists all computers that are missing updates for the selected application.
Select the Patch Now button to update this application for the selected computer.
Select the Skip button to skip this patch for the selected computer. Until a new update is released, the selected computer will not show again as missing an update for the specified application.
Computer Sidebar
Navigate to Devices > Computers.
Select a computer from the list to open the sidebar.
On the computer sidebar, the Patch History tab will display a history of patches applied to that computer from the ThreatLocker portal.
Here, you will find a list of patches that are pending, completed, skipped, or aborted for the computer. The 'Date' column displays the date of the last status change (e.g. the date a patch became pending).