General discussion


Patch Management

By lachlann562 ·
I have just recently started on a project for implementing a patch management solution. So far these are the products i've learned about:
Microsoft WSUS (Upgraded SUS - not yet released)
Micrsosoft SMS
Shavlik's HFNetCheckPro

I am with a company of about 300 employees, and 200 servers (DMZ's, extranet, intranet).

Any help would be appreciated.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by Wayne B In reply to Patch Management

Don't know if anyone else has mentioned this but Microsoft's WSUS is available now and it works very well. Best of all, it won't cost you anything but some space on a server. I would recommend using SQL for the number of servers that you have.

Collapse -


by Trevor.Odell In reply to Patch Management

Look at BigFix -
It is a cross platform patch solution with asset management capability. We use it to pacth our global enterprise ( 3,000 servers, 20,000 + desktops ). It uses a distributed architecture and is WAN aware, so you are not sending a patch to every device at the end of a WAN link, but to just the one you designate as a "relay". The relay will then distribute locally to the other devices - i.e. very small network footprint.

Collapse -

UpdateEXPERT is good

by Glason In reply to Patch Management

UE is good, and it is especially useful when managing patch installation and reporting for DMZ boxes where traffic is normally restricted.

Collapse -

Agree, UpdateExpert works fine

by GrPaKi In reply to UpdateEXPERT is good

We've been using UpdateExpert ( for years, and it seems to be pretty reliable. Recent versions cover a collection of software in addition to the operating system. We only use it for servers though - workstations are handled by Novell Xenworks which is superb for that purpose.

Collapse -

LANDesk Management Suite or Securtiy Suite

by drnz_54 In reply to Patch Management

Best Desktop Mgmt tool around...ok for Server Mgmt unless u have Proliants. Best VAR of this product: NetworkD

Collapse -

Patch Management and More

by yuryc In reply to Patch Management

Try using altiris, it does more than that

Collapse -

Track-IT Deploy

by zaferus In reply to Patch Management

We've just attained TI-Deploy and are testing it on our network. It takes a broader stance and will let us roll out/back any patch (MS or otherwise) as well as deploy any software package or files. It looks good on the surface, but we've just started mucking around with it.

Collapse -

Another option

by hal.friskey In reply to Patch Management

You might check out iPass's Endpoint Policy Mgt

Collapse -

Try ZenWorks - Just BRILLIANT

by mdisbury In reply to Patch Management

Maybe you should consider ZenWorks, ZEN=Zero Effort Networking. Forget the Novell sticker, it's absolutely brilliant, the latest version runs on just about any platform, including Windows and Linux. It latest version has an excellent patch management deployment agent, and not just for Windows, but for any applications.
BTW, why has your company got 200 servers for only 300 employees?

Collapse -

Patch management solution - FREE

by elPresidento In reply to Patch Management

Well guys, just have a quick look at the Heimdal Security Agent, which has just been launched in Denmark by CSIS.

This security tool constantly keeps a selection of actively exploited software patched (the patch is provided by the vendor itself). The entire patching process is silent and unattended. So you just have to press the SCAN button and the patching process is done automatically.

Currently we are monitoring the following list of software which is known for their popularity and as well as being the most vulnerable too according to NVD (National Vulnerability Database):

1. Windows Media Player
2. Internet Explorer
4. Mozilla Firefox
5. Adobe Reader
6. Adobe Flash player (mozilla plugin)
7. Adobe Flash plugin (ActiveX IE plugin)
8. Adobe Shockwave Player
9. Apple Quicktime
10. Oracle JRE (Java Runtime Environment)
11. Winzip
12. Skype
13. Opera browser

I bet you should have at least 5 of the above software installed on your home PC, with them remained in vulnerable state because you did not find time to download the latest version or is too lazy to download the patch or does not care at all ;=)

In fact, many users ignore the existence of exploits on these programs and are hence left vulnerable to attacks by hackers when they do online banking or other online transactions. Heimdal Agent helps to mitigate this vulnerability risk.

Another feature provided by Heimdal Agent is that you will have the possibility to remove information stealers (i.e. malwares from your machine).
If you want to install this security software, with me as referrer, well it is simple ...

Steps to follow:
--> Go to:
--> username:
--> pass: amu
--> Download the Heimdal Agent
--> Install the software
--> Send your feedback to me (help -- send feedback)

Demo of the software:

Another option is to download the software from our website itself:

Good news: we are going to monitor Google Chrome, Adobe Air, Real Player, ITune, Safari, Windows live messenger, Other Microsoft products and many more soon..

please see release note :

Related Discussions

Related Forums