Topic
This article answers frequently asked questions about NinjaOne's third-party patching (3PP) feature.
Environment
NinjaOne Patch Management
Description
Select a topic to continue.
FAQs
- Does NinjaOne test updates before making them available? If so, what and how do they test? Are the updates safe when installed?
- For 3PP patching, when "Apply Immediately" is selected, the activity feed only shows when the apply patch is running and does not show the scan being run. Is this intended?
- Is there a limit to the number of languages into which reboot prompts triggered by NinjaOne and the Systray icon can be translated? Is there a way to see which languages are supported?
- Can software applications be updated when they are still open?
- What software can be patched using 3PP?
- If I reject a software patch, will this prevent newer patches for that software from being approved in the future?
- What is the recommended time to allow between scan and apply cycles when setting up my 3PP policy settings?
- Does a scan cycle run immediately prior to an application cycle occurring?
- Does 3PP through NinjaOne support Mac and Linux devices?
- How can I see how many devices have installed or failed to install a specific patch?
- How can I ensure that unwanted software is not being installed on my endpoints?
- How can an ad-hoc scan or apply cycle be run on multiple devices?
- A specific patch with known issues has been found in a scan and approved. How can I prevent it from being deployed in my environment?
- How do I update Microsoft .NET Desktop Runtime?
- Does NinjaOne utilize background updates for Microsoft Office 365?
Does NinjaOne test updates before making them available? If so, what and how do they test? Are the updates safe when installed?
NinjaOne does not test individual updates. We validate the file's signature and publisher, but we do not test the software's functionality.
For 3PP patching, when "Apply Immediately" is selected, the activity feed only shows when the apply patch is running, and does not show the scan being run. Is this intended?
We run a scan cycle before applying to ensure the latest information. If the Apply Immediately option is set, we skip the scan cycle and go straight to the apply cycle, as there is already a scan built in.
Is there a limit to the number of languages into which reboot prompts triggered by NinjaOne and the Systray icon can be translated? Is there a way to see which languages are supported?
This specific message and its conditional variations are available in all the languages we support: English, German, French, Spanish, Italian, Dutch, Swedish, Norwegian, Danish, Portuguese, Polish, and Russian.
Can software applications be updated when they are still open?
No. Applications must be closed to fully apply an update. If an application is still open when NinjaOne attempts to install an update, the install will fail, and the following error will appear in the activity log: "One or more products failed to update due to application running state."
What software can be patched by using 3PP?
A full list of software that can be patched by using NinjaOne's 3PP is available in the following article: Policies: 3rd Party Software Patch Management.
If I reject a software patch, will this prevent newer patches for that software from being approved in the future?
No, each patch has a specific ID. By rejecting one patch, you are only rejecting that specific patch ID.
What is the recommended time to allow between scan and apply cycles when setting up my 3PP policy settings?
We recommended separating the scan and update schedules by at least an hour (or more) to allow enough time for the first action to complete before the other starts.
Does a scan cycle run immediately prior to an application cycle occurring?
Yes, during a 3PP management apply cycle, the system also runs a scan before applying updates.
Does 3PP through NinjaOne support Mac and Linux devices?
Yes, NinjaOne's 3PP natively supports Mac and Linux devices.
How can I see how many devices have installed or failed to install a specific patch?
On the organization or system dashboard, place your cursor over the Software tab at the top of the page. This action will open a drop-down menu listing the software statuses (Pending, Approved, Rejected, Installed, and Failed). Click any option to open a list of software patches in the respective status.
The number listed under the Devices column is a link to a list of the respective devices.
How can I ensure that unwanted software is not being installed on my endpoints?
Software will only be installed on managed devices if the Install option is set to Yes, or if the installer for that software is overridden to be approved when found in a scan. Make sure you select No for the Install option when configuring the Products section of your software policy settings for any software that you do not want to install on managed endpoints.
How can an ad-hoc scan or apply cycle be run on multiple devices?
To run an ad-hoc scan/apply cycle on multiple devices, navigate to the Device Search tab. Here, you can filter for certain devices or simply check off the devices on which you'd like to run the scan/apply cycle. Place your cursor over Run at the top of the list, and then select Software Update → Scan or Apply.
If this option does not appear, make sure that all the devices you have selected are online and have 3PP enabled.
A specific patch with known issues has been found in a scan and approved. How can I prevent it from being deployed in my environment?
From the System Dashboard, navigate to Software → Approved, check off the patch in question, and choose Reject for Policies.
Alternatively, if the patch has not yet been found in a scan, make sure it is not auto-approved. Ensure that both Critical and Recommended patches are set to "Manual" approval in the Products section of your Software policy settings. This will place patches into a pending status and let you manually approve or reject them.
How do I update Microsoft .NET Desktop Runtime?
NinjaOne supports patching .NET Runtime via winget.
Does NinjaOne use background updates for Microsoft Office 365?
Yes, NinjaOne uses background updates for Microsoft Office 365.