Patching Overview – Operating System & Third-party Applications

Modified on Fri, 1 Aug at 12:53 AM

Purpose

This article provides detailed information on how Saner CVEM Patch Management handles updates for different operating systems and third-party applications. Understanding this behavior helps in configuring the environment appropriately for seamless patching.


Microsoft Updates

Saner PM supports patch management for Microsoft operating systems through two primary channels:

1. WSUS (Windows Server Update Services)

  • If a Windows device is configured to use a WSUS Server, the Saner agent will directly contact the WSUS Server to fetch and install the latest applicable patches.

  • Ensure that the WSUS Server is properly maintained and updated to provide accurate patch lists.

2. Microsoft Update Server (Default)

  • If no WSUS configuration is set, the Saner agent connects directly to the Microsoft Update Server to retrieve and install the latest security patches and updates.


Linux Updates

For RPM-based Machines (e.g., RHEL, CentOS, Fedora)

  • Saner PM leverages the YUM package manager to install updates.

  • The agent connects to the YUM repository of the respective Linux distribution to download and install available RPM packages.

For DPKG-based Machines (e.g., Ubuntu, Debian)

  • Saner PM uses the built-in apt-get tool to handle updates.

  • The agent interacts with the APT repositories configured on the machine to fetch the latest patches.


Mac OS X Updates

  • Saner PM uses the softwareupdate command-line utility to manage OS X updates.

  • The Saner agent communicates with the official Mac OS X Update Server to check and install the latest patches.


Third-party Application Patches

Saner PM provides extensive support for patching widely used third-party applications across platforms.


Custom Remediation for Paid Applications

Some applications require paid licenses to access patch binaries (e.g., Adobe Acrobat Pro, certain enterprise tools). For such applications:

  • Saner PM allows you to perform custom remediation by uploading the patch installer manually.

  • You can then create and deploy a custom remediation job using the SanerNow console to apply the patch across targeted devices.


Notes

  • Ensure your firewall/proxy allows outbound access to update servers (Microsoft, Linux repos, Apple).

  • Patching behavior may vary based on endpoint configurations or group policies (especially in enterprise environments with WSUS).


For further assistance or to configure custom patching rules, please reach out to our support team at support@secpod.com.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article