[KB8451] Enable and configure ESET Vulnerability & Patch Management in ESET PROTECT

Issue

  • Enable and configure ESET Vulnerability & Patch Management feature in ESET PROTECT
  • Enable auto-patch management in ESET PROTECT
  • Enable OS auto-updates via ESET Vulnerability & Patch Management feature (Windows)

Solution

ESET Vulnerability & Patch Management availability

To use ESET Vulnerability & Patch Management, you need to manage your devices with ESET PROTECT.

ESET Vulnerability & Patch Management is not available in ESET PROTECT On-Prem.

  I. Prerequisites
  II. Enable and configure ESET Vulnerability & Patch Management feature in ESET PROTECT
  III. Enable auto-patch management in ESET PROTECT
  IV. Enable OS auto-updates via ESET Vulnerability & Patch Management feature (Windows)

I. Prerequisites

ESET Vulnerability & Patch Management is included in the following solutions:

  • ESET PROTECT Complete
  • ESET PROTECT Elite
  • ESET PROTECT MDR
  • ESET PROTECT MDR Ultimate

ESET PROTECT Entry and ESET PROTECT Advanced solutions do not include ESET Vulnerability & Patch Management. You can purchase ESET Vulnerability & Patch Management as a separate feature for ESET PROTECT Entry and ESET PROTECT Advanced solutions.

We recommend testing ESET Vulnerability & Patch Management on a small number of endpoints before applying batch actions.

For more information about ESET Vulnerability & Patch Management, see the ESET Online Help.

ESET Vulnerability & Patch Management eligibility

Endpoint devices must be activated with an ESET Vulnerability & Patch Management-eligible subscription. If you enable ESET Vulnerability & Patch Management via policy without an ESET Vulnerability & Patch Management-eligible subscription, it will generate errors on the endpoint devices.


II. Enable and configure ESET Vulnerability & Patch Management feature in ESET PROTECT

  1. Open the ESET PROTECT Web Console.

  2. Create a policy in ESET PROTECT or ESET PROTECT On-Prem.

  3. In the Settings section, select Common features from the drop-down menu, click Vulnerability & Patch Management, enable the toggle next to Enable Vulnerability & Patch Management, and click Edit next to Computer restart options.

  4. Select Restart from the Automatic action drop-down menu, select the appropriate option from the Postpone drop-down menu, and click Save.

    Server applications

    Server applications do not support automatic device restart actions to complete patch management.

  5. Click Edit next to Vulnerability & Patch Management scheduler.

  6. Set the Scan and patch start/end time in the respective fields, select the desired Recurrence type, select the Days of the week, and click Save. In earlier, non-compatible applications, the Monthly recurrence type will fall back to the default, for example, every day of the week.


III. Enable auto-patch management in ESET PROTECT

Server applications

Server applications do not support auto-patch management. Patch management must be performed manually.

  1. Create a policy in ESET PROTECT or ESET PROTECT On-Prem or edit an existing policy for ESET Vulnerability & Patch Management (recommended). The Enable Vulnerability & Patch Management option must be enabled before you can enable auto-patch management.

  2. In the Settings section, enable the toggle next to Enable auto-patch management for applications.

  3. The Auto-patch strategy consists of two options: Patch all except excluded applications and Patch only allowed applications.

    • Patch all except excluded applications

      The Patch all except excluded applications option updates all applications except those on the Excluded applications list.

      Select Patch all except excluded applications from the Auto-patch strategy drop-down menu and click Edit next to Excluded applications.

    • Patch only allowed applications

      The Patch only allowed applications option only updates applications on the Allowed applications list.

      Select Patch only allowed applications from the Auto-patch strategy drop-down menu and click Edit next to Allowed applications.

  4. Select the check boxes next to applications you want to allow/exclude and click Save.

    Duplicated application names

    The Applications available for patching list may contain duplicate entries. When selecting applications for patching, select the check boxes next to all entries with the same name.

    Applications might require a computer restart

    Some applications require a computer restart and can restart computers automatically.

    Applications licensed to a specific version

    Some applications can be licensed to a specific version. We recommend reviewing your applications.

    To avoid an unnecessary upgrade, set the Auto-patch strategy to Patch all except excluded applications while creating the policy.


IV. Enable OS auto-updates via ESET Vulnerability & Patch Management feature (Windows)

  1. Create a policy in ESET PROTECT or ESET PROTECT On-Prem or edit an existing policy for ESET Vulnerability & Patch Management (recommended). The Enable Vulnerability & Patch Management option must be enabled before you can enable OS auto-updates.

  2. In the Settings section, enable the toggle next to Enable OS auto-updates and click Edit next to Allowed OS auto-updates.

  3. Select the severity levels for applying OS updates via the policy, and click Save.