Test Patches
Before deploying your Custom Patch List to the various groups that you've created, you need to test the patches in it. Testing each patch is vital for finding software conflicts. By testing your patches, you can discover the issues that they cause and confine those problems to a small sample of endpoints rather than your entire organization!
- Automated deployment without testing is risky and not advised. Be certain to test the patch in each environment of your previously defined groups and deploy the patches in phases.
- Pay special attention to any potential impact to custom-developed, internal applications, especially when deploying Java updates.
If you have a shortage of time or resources on Patch Tuesday, browse the Ivanti Patch Tuesday page for information on Patch Tuesday patches. This practice is a great way to discover patch issues without testing.
To Test Patches:
- From the Navigation Menu, select Manage > Groups.
- Make sure that the Vulnerabilities/Patch Content view is selected.
- From the Group browser, select your test group.
- From the Patch Content Browser, select your custom patch list.
- Select all patches in the list, and then click Update Cache.
Updating the cache downloads the patches from the cloud to your local Endpoint Security Server. Caching patches to your Endpoint Security Server increases deployment speed and optimizes deployment order.
- Wait for the patches to cache. The icons in the column indicate caching progress.
  - : This icon indicates that the patch is still caching. Keep waiting.
  - : This icon indicates that the patch has finished caching. Wait for all patches in the Custom Patch List to display this icon before continuing to the next step.
- Select all patches listed, and then click Deploy.
- Complete the Deployment Wizard.
When you get to the Deployment Confirmation page, make sure that the number of selected packages and endpoints/groups is what you expect.
- Navigate to Manage > Deployments and Tasks. Expand your Test Deployment.
- Review the deployment outcome after it finishes.
  - If a patch deploys successfully to all endpoints (as indicated by the icon), then the patch is safe to deploy to your organization.
  - If a patch does not deploy successfully to all endpoints (as indicated by the icon), you should not deploy the patch to your organization. Investigate why the patch is not deploying successfully, and then take one of the following actions:
    - Fix the problem.
    - If you can't fix the problem and the patch isn't successfully deploying to a large number of endpoints, consider removing it from the Custom Patch List.
    - If you can't fix the problem and the patch isn't successfully deploying to a few endpoints, you can mark it Do Not Patch for those endpoints. Do Not Patch is a state that exempts selected endpoints from receiving deployment of that patch.
The Patch Tuesday patches are tested. After confirming that all patches function as intended (or dealing with those that do not), begin rolling the patches out. See the next section for more details.