Patch Management - Decline / Hide Updates

Certain patches, often drivers, can be known to cause problems on devices. There is a keyboard driver update for example which I know causes the keyboard to stop working on certain models of Lenovo laptop. If it were to be installed accidentally from the list of missing patches, it would then need to be uninstalled at which point it reappears in the list of missing patches, and the cycle starts anew. I have set driver updates to not automatically install, but the problem comes when running a vulnerable systems report or looking at a device and seeing it is missing a patch, the ability to install the update by mistake is always there.

To prevent someone from accidentally installing it on a device, it would be handy if there was a way to decline or hide specific updates from devices so that they do not count toward the missing patches count and do not have a button allowing it to be installed.

I’m not sure on the best way to implement this exactly. Perhaps a WSUS-like system where certain update types can be automatically approved (critical and security for example, but with the choice to automatically approve whichever types of update we want) while others are then moderated and need to be approved before they install. This way those who want a very hands-off approach can just set everything to auto-approve, while those who want to be able to moderate which updates are installed can do so.
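As an added example (not from the original post or the product it concerns), the endpoint-side equivalent of "decline / hide" that Windows already offers: the Windows Update Agent COM API lets an update be flagged hidden so that the usual "not installed, not hidden" scan no longer reports it. It assumes an elevated PowerShell session on the device; the title pattern is a placeholder.

```powershell
# Added example, not part of the original post. Hides a known-bad update on
# one Windows endpoint via the Windows Update Agent COM API so it drops out of
# the "missing" set that a default "IsInstalled=0 and IsHidden=0" scan returns.
# Requires an elevated session. The title pattern used below is a placeholder.
function Hide-KnownBadUpdate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Regex matched against the update title (placeholder in the usage call)
        [Parameter(Mandatory)] [string] $TitlePattern,
        # Restrict to updates whose category list includes "Drivers"
        [switch] $DriversOnly
    )
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    # Same criteria a missing-patch scan uses: not installed and not hidden
    $result = $searcher.Search('IsInstalled=0 and IsHidden=0')
    foreach ($update in $result.Updates) {
        $categories = @($update.Categories | ForEach-Object { $_.Name })
        if ($DriversOnly -and ($categories -notcontains 'Drivers')) { continue }
        if ($update.Title -notmatch $TitlePattern) { continue }
        if ($PSCmdlet.ShouldProcess($update.Title, 'Hide update')) {
            # Hidden updates are skipped by default searches and auto-install
            $update.IsHidden = $true
            [pscustomobject]@{
                Title      = $update.Title
                Categories = ($categories -join ', ')
                Hidden     = $update.IsHidden
            }
        }
    }
}

# Audit helper: list what is currently hidden so the decision stays visible
function Get-HiddenUpdate {
    $searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
    $searcher.Search('IsInstalled=0 and IsHidden=1').Updates |
        ForEach-Object { [pscustomobject]@{ Title = $_.Title } }
}

# Dry run first (-WhatIf prints what would be hidden), then apply, then audit
Hide-KnownBadUpdate -TitlePattern 'Lenovo.*Keyboard' -DriversOnly -WhatIf
Hide-KnownBadUpdate -TitlePattern 'Lenovo.*Keyboard' -DriversOnly
Get-HiddenUpdate
```

This is a per-device workaround, not the console-side moderation the post asks for: the flag lives on the endpoint, so it has to be applied on every affected device and re-checked after the update is superseded or unhidden.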


I am confused on why this is not possible (in even the most basic RMM). Patch management doesn’t mean blast all patches out to all systems. Patch “management” requires a means to manage the patches. We are lying to our clients when we tell them we provide patch management. Lawsuit.
