Purpose
This article provides detailed information on how Saner CVEM Patch Management handles updates for different operating systems and third-party applications. Understanding this behavior helps in configuring the environment appropriately for seamless patching.
Microsoft Updates
Saner PM supports patch management for Microsoft operating systems through two primary channels:
1. WSUS (Windows Server Update Services)
If a Windows device is configured to use a WSUS Server, the Saner agent will directly contact the WSUS Server to fetch and install the latest applicable patches.
Ensure that the WSUS Server is properly maintained and updated to provide accurate patch lists.
2. Microsoft Update Server (Default)
If no WSUS configuration is set, the Saner agent connects directly to the Microsoft Update Server to retrieve and install the latest security patches and updates.
Linux Updates
For RPM-based Machines (e.g., RHEL, CentOS, Fedora)
Saner PM leverages the YUM package manager to install updates.
The agent connects to the YUM repository of the respective Linux distribution to download and install available RPM packages.
For DPKG-based Machines (e.g., Ubuntu, Debian)
Saner PM uses the built-in
apt-get
tool to handle updates.The agent interacts with the APT repositories configured on the machine to fetch the latest patches.
Mac OS X Updates
Saner PM uses the
softwareupdate
command-line utility to manage OS X updates.The Saner agent communicates with the official Mac OS X Update Server to check and install the latest patches.
Third-party Application Patches
Saner PM provides extensive support for patching widely used third-party applications across platforms.
Please refer to the Supported Third-party Applications List for an up-to-date catalog of applications Saner PM can patch.
Custom Remediation for Paid Applications
Some applications require paid licenses to access patch binaries (e.g., Adobe Acrobat Pro, certain enterprise tools). For such applications:
Saner PM allows you to perform custom remediation by uploading the patch installer manually.
You can then create and deploy a custom remediation job using the SanerNow console to apply the patch across targeted devices.
Notes
Ensure your firewall/proxy allows outbound access to update servers (Microsoft, Linux repos, Apple).
Patching behavior may vary based on endpoint configurations or group policies (especially in enterprise environments with WSUS).
For further assistance or to configure custom patching rules, please reach out to our support team at support@secpod.com.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article