Patch Sideloads

If a patch file is not available as an automatic download from a vendor, it will require sideloading. Sideloading is when a patch file needs to be manually sourced from the vendor. This may happen in situations such as, if a vendor only makes the latest patch available and you want an older patch, or the patch download link may be behind a paywall and require a login to the vendor website, so manual selection or intervention is required.

Sideloaded patch files are stored in so-called blob-storage. To access this storage, you may need to add a URL to the allow list of your firewall. For the exact URL, see the applicable landscape-specific section of Required URLs, IP addresses and ports.

You manage sideloads in the Ivanti Neurons Platform Patch Management > Patch Intelligence, on the Sideloads tab. The tab has two sections: Pending Sideloads and Completed Sideloads.

Patches that require sideloading can be identified on the Advisories dashboard > summary grid > Download Status column.
Possible download statuses are:

  • Automatic: The patch file is automatically available from the vendor.
  • Sideload required: The patch file is not automatically available from the vendor and requires the patch to be manually sourced and uploaded to Ivanti Neurons.
  • Sideload in progress: The patch file has been selected and is currently being uploaded to Ivanti Neurons.
  • Sideloaded: The patch file has been uploaded to Ivanti Neurons and the content is available for deployment.

Pending Sideloads

This section lists all of the selected patch files that require a manual download from the vendor.

You must download the patch file from the vendor website and save it to a local folder. Be sure to download the correct language version of the file. The file must be of a supported file type: .cab, .exe, .iso, .msi, .msp, .msu, .zip.

Do not navigate away from Patch Intelligence while any file is uploading, otherwise any uploads in progress will be canceled.

All files selected for sideloading are listed, with the following information:

Name: The patch file name.

External Vendor: The name of the patch vendor.

Culture: The language the file is available in.

File Status: The status of the patch file. Possible status are:

  • No file selected: You need to click Select File to choose the patch file to upload.
  • Uploading: The file is currently being uploaded to Ivanti Neurons.
    Do not navigate away from Patch Intelligence whilst this is in progress, otherwise the upload will stop.
  • Verifying: The file undergoes the four verification scans to check for risks:
    • File Header Match: An attempt is made to match the file header for the file extension.
    • Sha-256 Hash Confirmation: Calculates the SHA-256 hash of the patch file. Please check that it matches the expected value with the vendor.
    • Digital Signature Validation: An attempt to verify the digital signature of the patch file. If the patch file is not signed, you will be prompted to manually confirm the file details. For your convenience, a SHA-256 file hash of the file is displayed in the expandable file details panel.
    • Threat Scan: The file is scanned by an anti-virus scanner for threats.
  • Verified: The file has successfully passed all scans and been verified.
    Once verified you can expand the file to expose a review panel, showing details such as size, hash key, verified scan results and thumbprint.
  • No file extension: The selected file has no file extension.
  • Threat scan failed: The threat scan has failed and the file is classed as high risk.
  • File type not supported: The selected file is not in a supported format. The file must be one of the following types: .cab, .exe, .iso, .msi, .msp, .msu, .zip.
  • Multiple scan failures: The patch file has failed at least one of the four verification scans.
  • Vendor certificate mismatch: The digital signature of the uploaded file did not meet the expected vendor for the patch.


  • Select File: Opens File Explorer. Locate and select the required file to download.
  • Approve: Once the patch file has been downloaded and verified, click Approve . This moves the file down to the Completed Sideloads section, making it available for deployment in the usual manner.
  • delete icon: Select the bin icon next to the file to delete the file from the pending list.

Completed Sideloads

This section lists all manually downloaded patch files that have been verified and approved. The following details for each file are provided:

Name: The vendor name for the patch file.

Culture: The patch file language.

Approved By: The name of the user that approved the file.

Approved Date: The date the file was approved.

File Name: The name of the uploaded file.

Size: The file size.

Status: The status of the file:

  • Verified
  • No valid signatures
  • Vendor certificate mismatch
  • Multiple scan failures
  • Unknown error
  • Threat scan failed


  • Replace: Select the check box to the left of the patch name and click Replace to move the patch back up to the Pending Sideloads section. You can then select a different file to download for the patch, for example if there is a later file that's been made available.

  • Delete: Select the check box to the left of the patch name and click Delete to delete the patch. If you want to sideload this patch you will need to re-select it on the Patches tab of the Patch Details pane to re-add it to Pending Sideloads.