# Windows Patch Management
The CyberCyte portal provides a patch management module for Windows updates. The users can select patches and apply one by one.
Please follow these steps below for proper configuration:
* Login to the CyberCyte portal and navigate to "Rules & Policies" -> "Policy Management" -> Search for "Windows OS Patching Def. Policy" with search bar. Click on the three dots right side of the grid and click on the "Edit" button.
* By default, only the "Notify If Reboot Needed" should be enabled and default "Collection Interval" should be 4 hours.
The important parameters are explained in the table below:
| Parameter | Description |
| ---------------------------------------------- | ------------------------------------------------------------------------------------ |
| Assigned Groups | The groups that take the policy. |
| Collection Interval (Hours) | Th interval for data collection, default is 4 hours. |
| Immediately Install Defender Signature Updates | Option for installing MS Defender signature updates. Disabled by default. |
| Install Security OS Patches | Option for installing security OS patches. Enabled by default. |
| Install Security Patches with Secerity | The section for classify the seveirity of the OS patches. |
| Install Critical OS Patches | The option for installing the critical OS patches. Disabled by default. |
| Install OS Patches | The option for enabling the installation of the OS patches. Disabled by default. |
| Delay Applying Non-Security Patches (Days) | The day interval for delay applying the non-security patches. The default is 5 days. |
| Delay Applying Secuirty Patches (Days) | Tha day interval for delay applying the security packages. The default is 1 day. |
| Notify If Reboot Needed | The option for notify if reboot is needed. |
| Notification Timeout (Hours) | The timeout for notification. The default is 12 hours. |
| Notification Message Header | The message header for notification. |
| Notification Message | The content of the notification message. |
| Enable Reboot | The option for enabling the reboot. Disabled by default. |
| Reboot Delay After Patches are Applied (Days) | The day interval for after applying the patches. The default is 3 days. |
| Security Patch Installation Frequency | The frequency for security patch installation. The default is daily. |
| Patch Installation Frequency | The frequency for patch installation. The default is daily. |
| Patch Installation Weekday(s) | The multiselect section that designed for selecting the patch installation days. |
| Patch Installation Time Interval | The time interval for patch installation in day time. |
| Delete Download Patch Files Interval (Days) | The interval for deletion of the downloaded patch files. |
| Patch Types to Install | The patch types for specific patch installation. |
* Click on the "Save" button. The agent will take the policy in the next iteration. The results can be observed under the "Security Assurance" -> "Windows Patch Management" -> "Missing Patches".
* The users can trigger updates from the grid with right click -> "Patch Management" -> "Install Immediately" or "Plan Installation Date".
| Sections | Description |
| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Patch Management | This section display all of the machines patch information. The users can observe the machines last update information. |
| Missing Patches | The missing patches are listed in this section. The users can observe the missing patches and trigger the specific path update on the machine from the portal. |
| Missing Patches Analysis | This section allows users to observe the missing pathes properties. |
| Patch Testing Jobs | This section allow users to observer the patch testing jobs that assigned on devices. |
| Patch Testing Job Results | This section allow users to observer the patch testing job results that assigned on devices with details. |
| Patch Histroy | This section allow users to observe the patch update history on the machines. The users can uninstall the patches on the machines. |
| Excluded Patches | This sections represents the excluded patches on the devices |
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.cloudcyte.com/getting-started/configuring-modules/windows-patch-management.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.