About Windows Patch View

Windows Patch View is an extremely powerful and flexible tool. It is used to create custom patch groups that enable you to scan for a particular set of patches. Windows Patch View also enables you to display detailed information about every product patch contained in the data definition file. It organizes the information so it is displayed in one comprehensive view, regardless of when the patches were released.

With Windows Patch View you can:

  • Create and maintain patch groups

  • Identify Checkpoint Patch Chains

  • Quickly and easily display the list of products supported and the associated patches with each product
  • Display detailed information about any patch
  • Filter the information and drill down into the table for a more detailed analysis
  • Search for specific patches or patch components
  • Perform actions on each patch
  • Quickly determine which machines have a selected patch installed or are missing a selected patch

Windows Patch View is accessed by selecting View > Windows Patches or by creating a new patch group (New > Windows Patch > Patch Group).

Checkpoint Patch Chains

In May 2025, Microsoft introduced checkpoint patches as a method for delivering smaller and more incremental updates. These updates contain only the code changes that have occurred since the previous deployment, ensuring that each patch is concise and targeted.

Checkpoint patch chains are sequences of updates where each patch depends on the successful installation of its predecessor. By following these chains, systems can be updated incrementally, reducing the risk of errors and ensuring that changes are applied in the correct order.

Within Ivanti Security Controls, certain prerequisite patches that form part of a checkpoint chain are identified with a flag icon ( ) on the View Machines → Windows Patches tab under the applicable Bulletin Title. It is important to note that the flagged patch is not necessarily the latest patch available, but rather a required prerequisite within the checkpoint chain.

This checkpoint patch identification is relevant only for Agent-based Security Controls, allowing administrators to easily recognise and manage the sequential patches necessary for full compliance and system security.

If you roll back the latest patch in a checkpoint chain, all patches deployed as part of that chain rolls back. This rollback behavior is controlled by Microsoft and applies to all checkpoint-based OS patches.