Software Management

Software Management is a vulnerability and patch management module for Windows and Apple machines. Software Management also manages deployment of popular third-party software packages for both Windows and Apple operating systems. Patches for third-party software are included, if made available by third-party software package developers.

Scanning and deployment can be on demand or automated across thousands of machines. Settings are assigned to machines using profiles for scanning, deployment, alerts, third-party software, and patch overrides. Once profiles are assigned, policy enforcement is validated using compliance checking metrics for scanning and deployment.

Features

Scan and analysis profiles support the following two different strategies for managing software updates:
- Configure Operating System Update: Configures how updates for Windows and Apple machines are performed on assigned machines. Individual Windows and Apple patches are not reviewed and selected using this option. Third-party patches cannot be deployed using this strategy.
- Kaseya Update: Specifies whether to approve, reject, or review patches based on a preassigned impact classification. This patch strategy applies to Windows, Apple, and third-party software patches.
Deployment profiles specify how deployments occur on a recurring schedule. This includes the following:
- Reboot preferences.
- The optional running of agent procedures both before and after deployment.
- Optional blackout windows to prevent scheduling deployments during business hours.
Includes patch approvals, which lets you approve or reject specific patches.
Supports scanning and deploying patches immediately.
Provides a force update feature, which initiates a scan, then deploys all installed and approved patches immediately, rebooting as often as necessary.
Third-party software profiles enable you to maintain lists of popular software titles and versions that can be installed on agent machines.
- A Software Management license is incremented only when third-party software management is enabled for an agent machine.
- Third-party software can be installed only by deployment profile.
- Requires a scan and analysis profile be assigned to the agent machine that uses the Kaseya Update strategy.
Patch override profiles by KB article, patch number, and filter criteria can be specified. When assigned to a machine, these profiles override the default classifications assigned to patches: approved, rejected, or review.
Alerts are provided for patch and configuration issues.
A daily compliance check is run for delayed scans, delayed deployments, and percentage of patches deployed.
Software Management activities are tracked using reports, application logs, and diagnostic logs.
The Dashboard page includes two download links:
- A Patches Available PDF for quarterly patch information.
- An Installers Available PDF for installable third-party applications.

Refer to the following topics to learn about the areas of Software Management:

Software Management module minimum requirements

Kaseya Server

The Software Management R95 module requires VSA R95.
An agent version must be 9.4.0.12 or later.
Depending on the various operating systems managed, up to 200 GB of storage should be free to store patches.

Software Management Agent support

Microsoft Windows Server 2012, 2012 R2, 2016, and 2019
Microsoft Windows 8, 8.1, and 10
Software Management does not support Windows 7 ESU (Extended Support).
Apple macOS 10.13, 10.14, 10.15
Big Sur (11.0) support is currently in development.

Not supported for Software Management

Microsoft Windows 7 and Windows 7 (ESU)
macOS 11.0+

IMPORTANT Open UDP/TCP Outbound Port 3478 from the agents to stun.kaseya.com to optimize P2P deployments. Enable Consistent NAT, if it is an option in firewall configurations, especially SonicWall.

Configuring Software Management

Scan and Analysis

Create scan and analysis profiles on a recurring schedule. For each profile you create, you must decide on one of two patch strategies: Configure Operating System Update or Kaseya Update.

Refer to Scan and Analysis in Software Management profiles.

Deployment

Create profiles that specify how deployments occur on a recurring schedule. This can include running agent procedures both before and after deployment.

Refer to Deployment in Software Management profiles.

3rd-Party Software

Assign software titles, by version number, to a third-party software installation profile.

Refer to 3rd-Party Software 2.0: VSA 9 third-party patching.

Override

Optionally, create patch overrides for specific patches using the Override page.

Refer to Override in Software Management profiles.

Alerting

Optionally, create alerts using the Alerting page.

Refer to Alerting in Software Management profiles.

Settings

Optionally, enable compliance checking using the Settings page.

Refer to Application Settings and Migration in Software Management configuration.

Machines

Assign machines to the profiles you've created using the Machines page or any of the profile pages.

Refer to Machines in Software Management features.

Patch Approval

After a scan has been completed, any patch that requires review must be approved to deploy it. You can approve patches using the Patch Approval page or Machines page.

Additional guidelines

All agents assigned a Scan and Analysis profile using the Kaseya Update patch strategy must have a Deployment profile assigned to them or patches will not be deployed.
3rd-Party Software must be enabled on the Machines page for third-party software to be installed or patched.
You can scan machines immediately using the Machines page. A machine must be assigned a Scan and Analysis profile.
You can deploy patches immediately using the Vulnerabilities page or Machines page.
You can also deploy all approved patches and third--party software packages assigned to a machine immediately, rebooting the machine as often as necessary, using the Force Update option on the Machines page.

Reports

A category of report parts for Software Management is provided on the Info Center > Configure & Design > Report Parts page.

Logs

Refer to Software Management application logging.

A Software Management diagnostic log is provided in the Agent > Agents > Agent Logs > Diagnostic Logs > Endpoint tab.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!