Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
How to check patch status and deploy selected patches to devices
Step 1: Open ITSM and click ‘Devices’ > ‘Device List’. Click on your target device and open the ‘Patch Management’ tab. This will list all patches available for the device. The column on the far right tells you whether the patch is installed, or available for installation. The importance of the patch is shown in the ‘Severity’ column’
Step 2: Optional. Click the funnel icon on the right to filter patches based on name, install status, severity and other criteria.
Step 3: Select the patches you want to deploy to the device using the checkboxes on the left. Click the ‘Install Patch’ button to deploy:
Step 4: The selected patches will be added to the install queue and will be applied immediately after the next successful communication with the device.
How to check patch status of third party application on specific device
Available patches for third party applications which were installed on the endpoint, there you can check the date of installation of old package and date of release of the new package, version details for installed applications and available packages and more over the severity rate is given for the user to desire whether the package is needed or not.Step 1: Launch the ITSM
Step 2: Go to DEVICES > ‘Device List’ and select the desired device.
Step 3: Select the tab ‘Patch Management’.
Step 4: Select the ‘Third Party Applications’ tab.
Step 5: Check the list of applications that are available third-party patches of the device.
1. Software Name – Name of the patch or package of the latest version2. Vendor – vendor name of the package3. Software Category – category of the software4. Installed Version – version number that was installed on your endpoint that is the old version you have to update5. Installation Date – date of the older version installed6. Latest Version Available – version number of released patch7. Severity – rate of the severity8. Release Date – date of the new patch releaseNote: You can check our wiki for “How to perform third party application update in ITSM”
How to create “Third Party Patch Procedures”
The Third-party patch is now available to the users of ITSM, the procedure can either be created for a particular application or for all supported applications.When a procedure is executed on a device the available patch update will be applied to the devices. Thus every enrolled device can be managed easily.Additionally, a user can schedule the patch update process by adding the respective procedure to a profile. Then, the profile will be added to the device. Thus the procedure will be executed at the specified time and frequency.
Step 1: Go to “Configuration Templates” and select the “Procedures” menu. Click “Create” button. From the drop-down, select “Create 3rd Party Patch Procedure” option. The “Create 3rd Party Patch Procedure” dialog box appears.
Enter the details in the dialog box.
1. Procedure name :Enter the name of the procedure.2. Description: Enter the description.3. Folders: Chose the folder, in which the procedure should be stored.
Click “Create” button.
Step 2: Click the created procedure from the list, to customize it.
Step 3: In General tab, click “Edit” button to modify.
1. Procedure name: Enter the name of the procedure.2. Description: Enter the description.3. Folders: Choose the folder, in which the procedure should be stored.
4. Use alert settings when the procedure fails : A alert can associated with the procedure, by selecting the option “Use alert settings when the procedure fails”, enter the existing name of the alert in the text box and save it. An alert will be triggered when this procedure failed on execution. ( Even a ticket will be created if the appropriate option for generating ticket in the triggered alert’s setting is enabled)
Step 4: The Execution options, contains the following details.“Select 3rd party software to update” as a caption and following are the choices
1. “Update all applications” – On Select of this option, all the available updates will be applied, when this the procedure is called on that particular device.2. “Update only the selected applications”- On Select of this option, selected list of available updates will be applied, when this the procedure is called on that particular device.
The name of the software will be entered in the text box below.
Click “Save” button. Illustration provided for “Update only the selected applications”.Note: if updates should be applied for all applications chose “Update all applications” and click “Save” button at the right most corner of the page.
Step 5: The Restart control, helps to define the restart options based on your need.
1. There are three types of restart option:2. Force the reboot in – Forces the reboot at the endpoint in the defined time with an alert message.3. Suppress the reboot – The reboot will not be initiated.4. Warn about the reboot and let users postpone it – It will remind the user at the endpoint about the reboot and the user may postpone itChose your desired type of the reboot option and click “Save” button. Illustration is provided for “Force the reboot in”:
Step 6: The procedure can be scheduled to run at a specific time. If this is scheduled the schedule details will be listed here.
Note: The procedure should be added to any of the profiles in the Configuration Templates → Profiles, and click “Add Profile Section” button and select the procedures and click “Add” icon.The “Add Existing Procedure” dialog box appears. Fill the form and the schedule details will be added to the schedule section. Finally, the profile should be added to the device, on which the procedure is be called on the scheduled time.
How to perform third party application update in ITSM
In ITSM, now you can perform all operations related to the third party applications updates. The available applications for updates can be viewed, monitored and the updates can be either applied to a particular device or to all devices enrolled.The different methods of applying third party application software are available ITSM. Thus, either you can apply a specific version of a software update to the devices or the latest version of the software update to the devices.
The “Third Party Applications” update option available in two sections of ITSM:
Step 1: Go to ITSM -> ‘Devices’ > ‘Device List’ menu. Click the name of the device from the list, to which you want the check and apply the third party application update.
Step 2: Navigate to “Patch Management” section and click “Third Party Applications” tab.The List of the application which has to be updated will be listed here. Click the refresh button, to get the up-to-date list. The list contains the following columns, which describes the software.
Name – Name of the application
Step 3: Select the check box of the appropriate software and click “Install Patches” button.
The following drop down appears now,
1.Update to Latest Version: The Update of the latest version will be applied to the devices.On Click of this button, the update command will be sent to the devices.
2.Update to Specific Version: The update of the specific version will be applied to the devices. On click of this option, the “Update to Specific Version” dialog box appears, click the drop-down icon and select the version that needs to be sent to devices.Finally, click ‘Send’ button The updates will be sent to the devices and Installed.Update to Latest version’s Illustration:
Update to Specific Version’s Illustration:
Step 4: Navigate to “Software Inventory” tab in device details. Click “Update Software Inventory” button at the top to send inventory update command to the device. After few seconds, click the refresh icon to refresh the table. The updated version of the software will be displayed.
Step 1: Go to Applications, click “Patch Management” menu > “Third Party Application” tab. The list of the software updates available will be listed here. The list has columns which describe the software, they are:
1. Name: Name of the application.2. Vendor: Name of the application vendor.3. Category: The category of the given application.4. Installed Devices: Devices that have any version of the given application.5. Upgradable Devices: Devices that have an older version of the given application.
Step 2: Select the checkbox of the appropriate software and click the down button near to the “Install Patches” button. The Two option will be available in the drop-down.
1.Update to Latest Version: The Update of the latest version will be applied to the devices.On click of this button, the update will be sent to the devices.Note: The “Update to Specific Version” cannot be done from the here, but if you want to update to a specific version go to device list → select a device → Patch Management → Third Party Application, select a software and click install patches and select the “Update to Specific Version”.
Step 3: Select a software to view the detailed information about that software.
The “Devices List” lists the devices, for which the patch updates can be done for the selected software.
How to run “Third Party Patch Procedures”
Third Party Patch Procedures update the patches in the endpoints. Depend upon the procedure, the deployment of patches varies. For example, if the procedure is created to update all applications, during execution the patch update(if available) will be done for all softwares in the endpoints.The execution of third party patch procedure can also be automated by scheduling it.
Step 1: Go to “Configuration Templates” and select the “Procedures” menu. Click the appropriate procedure from the list, to run it.
Step 2: To run a procedure click “Run ” button.
A “Run Procedure” dialog box appears, select either
1. “All devices” – To execute the procedure in all enrolled devices in ITSM.2. “Selected Device(s)” – To execute the procedure in the selected devices and the devices name will be provided in the text box below
Fill the details and click “Run ” button. The procedure will be executed.Illustration is given for “Selected Device(s)”:
Step 3: The Execution Log contains the details about the procedure execution. To view the detailed information about the procedure execution, click “Details ” link.
The following two tabs will be available,
1. “Statuses” – The execution operation result will be displayed here2. “Tickets” – The ticket information related to the procedure will be displayed here (In case when procedure fails)
How to deploy patches from the ‘Patch Management’ interface
The Applications > Patch Management interface allows you to install missing patches to all managed devices.
Step 1: Open ITSM and click ‘Applications’ > ‘Patch Management’. The interface lists all available patches for managed endpoints. The ‘Installed’ and ‘Not Installed’ columns show how many devices have the patch installed versus not installed. Click the numbers in these columns to view the target devices.
Step 3: Select the patches you want to deploy using the checkboxes on the left. Click the ‘Install Patch’ button to deploy:
Step 4: The selected patches will be added to the install queue and will be applied immediately after the next successful communication with the device(s).
How to add a patching schedule to a profile
Adding a patch procedure to a configuration profile allows you to automatically patch devices according to a schedule of your choice. Note – this tutorial shows you how to schedule a Comodo ‘pre-defined’ patch procedure. You can also create your own procedures by clicking ‘Configuration Templates’ > ‘Procedures’.
Step 1: Open ITSM and click ‘Configuration Templates’ > ‘Profiles’. Select the profile to which you want to add the patch procedure.
Step 2: Click the ‘Add Profile Section’ button on the top and select ‘Procedures’. If you have already added the ‘Procedures’ component then just click on it and proceed to step 3.
Step 3: Open the ‘Procedures’ tab and click ‘Add’:
Step 4: Start typing the name of a patch procedure in the search box. Comodo ITSM has the following, pre-defined, patch procedures to choose from:
Critical Patch Updates
Security Patch Updates
Best practice – we advise you schedule ‘Critical Patch Updates’ and ‘Security Patch Updates’ to run daily, and ‘Patch Maintenance’ to run weekly.
Note. You can also create custom patch procedures. Click here for help with this.
Step 5: After choosing your procedure, select the start date and frequency and start time:
Step 6: Click ‘Add’ to add procedure to the profile. Click ‘Save’ (on the right) to save the profile.
The patch procedure will automatically run on the devices to which the profile is applied.
How to manually run a patch procedure on devices
Patch procedures can be run directly on selected devices from the ‘Procedures’ interface.
Step 1: Open ITSM and click ‘Configuration Templates’ > ‘Procedures’
Step 2: Expand the ‘Predefined Procedure’ folder on the left and select ‘Patch Deployment’:
Step 3: Choose which patch procedure you wish to run from the following pre-defined procedures to choose from:
Critical Patch UpdatesSecurity Patch UpdatesPatch Maintenance
Best practice – we advise you run ‘Critical Patch Updates’ and ‘Security Patch Updates’ on daily basis, and ‘Patch Maintenance’ on a weekly basis. You may also want to consider scheduling patch updates if you haven’t done so already.
Step 4: Click the ‘Run’ button then select your target devices:
You can choose ‘All Devices’, or start typing in the ‘Selected Device(s)’ field to choose specific devices or device groups:
Step 5: Click ‘Run’ to immediately deploy the patch procedure to selected devices.
How to create a custom patch procedure
ITSM ships with a set of predefined patch procedures which cover most use cases. However, you can also create your own procedures to specify exactly which types of patches are deployed.
Step 2: Click the ‘Create’ button then ‘Create Patch Procedure’:
Step 3: Type a name and description for your procedure then choose the folder in which to save it. In this example, we will use the custom folder ‘My Procedures’. Click ‘Create’ to save your procedure.
Step 4: You will be automatically taken to the procedure configuration screen. The configuration screen has three tabs – General, Execution Options and Execution log:
General – Allows you modify the name, description and folder of the procedure, and to set which alert is displayed should the procedure fail.
Execution Options – Lets you fine tune which types of patches are covered by the procedure. For security updates, you can also choose which severity of patches to install.
Execution Logs – Shows a list of all logs of patch deployment. These are useful to check whether the patch ran correctly or not.
Once these steps have been completed and you approve the new procedure, you can run it on all or selected devices by clicking the ‘Run’ button:
How to check complete details about the specific patch?
Step 1: Go to ITSM > APPLICATIONS > Patch Management and click over any patch from the table
Check the General Information of the patch application.
1. File Name – Name of the file2. Version – Version number of the file3. Vendor Severity – It is status of Severity of the Vendor
4. Release Date – Date of the patch released
Step 2: Click ‘Vendor’ tab and check out the Vendor Information.
1. Vendor name – Name of the vendor2. Vendor severity – It is status of Severity of the Vendor
3. Support URL – URL of the vendor to support the package queries
Step 3: Click the ‘Security Patch Info’ tab and check out the information
1. Supercedes – The respective security bulletins will list the superseded patches, and you have to check for Security Update Replacement in the bulletin.2. Bulletin – a brief public notice issuing for the patch release usually from an authoritative source3. Supercedes bulletin ID – ID of the security bulletins and knowledge-base articles superseded by the patch4. Release date – Date of the release of the Suprecedes
Step 4: Click the ‘Bulletin’ tab and check out the information.
1. ID – Unique number to identify Bulletin of the patch2. Description – Purpose of the patch release
Step 5: Click the ‘CVE IDs’ to check out the information
1. CVE – Common Vulnerabilities and Exposures (CVE) is a catalog of known security threats.
Related Resources:Free Patch Management SoftwarePatch Management Software Comparison
Patch Management Metrics
Tags: Comodo One,ITSM,Patch Management
Reading Time: 14 minutes The tried-and-tested practice in the IT service industry is keeping your systems updated – no matter what. It is important to have a patch management system specialized for your whole company and for your specific IT functions. Patch Management Definition Upgrades for software applications and systems that you have on your computers and network devices…
Reading Time: 14 minutes IT professionals understand the necessity of patches, even if it’s not one of their favorite things to do. However, if someone told you that there was an option that did almost everything for you, you’d probably be interested. A Windows patch management tool that will help you find and utilize patches to keep systems running…
Reading Time: 14 minutes Comodo IT and Security Manager (ITSM), which is a part of Comodo One initiative and is available absolutely free, assists MSPs in managing their client infrastructure, by equipping them with the necessary IT tools to address the four critical aspects of IT Service Management: device management, application management, security management and helpdesk management. Subscribe to…
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats
Advanced Endpoint Protection, Endpoint Detection and Response Built On Zero Trust Architecture available on our SaaS EPP