Download Patches Manually

Applies To: WatchGuard Patch Management

In some cases, WatchGuard Patch Management cannot get a download URL to install a patch automatically. This can occur when a patch requires payment, is not a publicly available patch, or requires user registration to download. For these patches, you can download the patch manually and add it to the patch repository on a WatchGuard Endpoint Security cache computer, so computers can install it. To manually add a patch to the repository, you must have the download URL of the patch. For more information, go to Configure the Cache Computer List Manually.

Linux computers use the distribution package manager to download patches from the Internet. They cannot download patches from a cache computers you specify in WatchGuard Endpoint Security.

To install patches that require manual download, follow these steps:

  1. Identify patches that you must manually download.
  2. Get the patch download URL from the vendor and download the patch.
  3. Add the downloaded patch to the patch repository.
  4. Mark the patch as manually downloaded and available to install.

Identify Patches that Require Manual Download

Create a query to generate a list of patches that require manual download.

To identify patches that require manual download:

  1. In WatchGuard Cloud, select Monitor > Endpoints.
  2. Select Status.
  3. From the left pane, in the My Lists section, click Add.

Screen shot of Add List dialog box

  1. Click Available Patches.
  2. Enter a name for the list (for example, Available Patches with manual downloads).
    You can create a scheduled report to send the generated list by email. For more information, go to Schedule a Report.
  3. In the Installation section, configure these filters:
    • Requires Manual Download — Selected
    • Show Non-downloadable Patches — Yes
  4. Click Save.
    The list shows all patches that computers on the network require which Patch Management cannot download automatically.

Screen shot of Available Patches list that shows patches that require manual download

Get the Download URL and Download the Patch

When a patch cannot download automatically, Patch Management provides a link to manually download the patch.

To get the download URL and download the patch:

  1. In the Available Patches list, click a patch that requires manual download.
    The Patch Detected details page opens and shows details of the patch.

    Screen shot of the Patch Detected page that shows the Download URL

  2. Note the exact file name shown in the Patch Details section.
  3. To download the patch, click the Download URL link.
    The patch downloads.

Add the Downloaded Patch to the Patch Repository

After you download the patch file, you must copy it to the Endpoint Security program folder .

Patches can be downloaded from cache computers and the Internet. Patches cannot be downloaded through an Endpoint Security proxy.

To add the downloaded patch to the patch repository:

  1. Identify a computer on the network that has Endpoint Security installed and has the cache role.
  2. Copy the downloaded file to this path on the cache computer:

C:\ProgramData\PandaSecurity\Panda Aether Agent\Repository\ManuallyDeploy

If you installed WatchGuard Endpoint Security on a computer drive that differs from the default installation drive, copy the file to X:\PandaSecurity\Panda Aether Agent\Repository\ManuallyDeploy, where X is the drive where the repository is located.

  1. If the ManuallyDeploy folder does not exist, create it with read and write administrator permissions.
  2. If needed, rename the downloaded file to match the File Name you noted in the Get the Download URL and Download the Patch section.

Mark the Patch as Manually Downloaded

After you copy the patch to the repository, you can mark the patch as manually downloaded from the Available Patches list.

After you mark a patch as manually downloaded, its status changes from Requires Manual Download to Pending (manually downloaded) for all computers that need to install it and the patch can be installed like an automatically downloaded patch. For more information, go to Install Patches.

Patch Management does not check if there are patches with the Pending (manually downloaded) status on cache computers, or whether computers on the network that require a patch have a cache computer assigned that has the patch in its repository. You must make sure that cache computers used for patch downloads have all necessary manually downloaded files in the ManuallyDeploy folder.

To mark a patch as manually downloaded:

  1. In the Available Patches list, select the check box in the rows of any patches you want to mark as manually downloaded.
  2. On the toolbar, click Mark as Manually Downloaded.

Screen shot of the Mark as manually downloaded button

  1. Click OK.

If necessary, you can later disable a manually downloaded patch. For more information, go to Disable a Manually Downloaded Patch for Installation.

Install Non-Downloadable Patches

Next, you find the patch you downloaded in the Available Patches list and create a task to install it.

To install patches:

  1. In WatchGuard Cloud, select Monitor > Endpoints.
  2. Select Status > Patch Management.
  3. In the Available Patches tile, click View All Available Patches.
    The Available Patches list opens.

    Screen shot of Available Patches list

  4. Click Filters and filter the list to show the non-downloadable patches.
    You could also filter the list for a computer you want to install the patch on.
  5. In the results, select the check boxes for the computers and patches you want to install.
    The icon shows next to computers designated as a test computer for patch installation.
  6. In the toolbar:
    • To install the patches immediately, click Install. In the dialog box that opens, click OK.
      Patch Management adds a patch installation task and starts it immediately.
    • To install the patches at a specific time, click Schedule Installation. In the dialog box that opens, click Schedule Installation.
      The Edit Task page opens. Follow the steps to Download Patches Manually.
  7. On the Tasks page, confirm that the patch installation task completed.

Screen shot of completed patch installation task

Disable a Manually Downloaded Patch for Installation

If you no longer want a manually downloaded patch to be available to install, you can disable the patch for installation.

To disable a manually downloaded patch for installation:

  1. In the Available Patches list, click Filters.
  2. In the Installation section, select the Pending (Manually Downloaded) check box.
  3. From the Show Non-downloadable Patches drop-down list, select Yes.

Screen shot of Available patches list and filter

  1. Click Filter.
    The list shows all computers with patches manually downloaded and enabled for installation.
  2. Select the check box in the rows of any patches you want to disable installation for.

  1. In the toolbar, click Mark as ‘Requires manual download’.
    The patch is removed from the repository of installable patches, and you cannot install it.

Related Topics

About Patch Management