I set up two Windows patch automations in Hexnode: one for automatic deployment of critical severity patches and another for manual patch deployment. Both were not installing a specific critical update, KB5089549. The patch was visible under available updates, so I selected it while configuring the patch settings, but the deployment still did not go through. Does selecting a patch there mean it will be installed, or could it block the update?
Windows critical patch automation not installing KB update (Solved)
Replies (5)
Hi @maevee!
In Hexnode patch management, check whether the KB update has been added under the Ignore section of the patch configuration. If a patch is marked as ignored, Hexnode will prevent that update from being installed on the target Windows devices, even if it matches the severity criteria in an automatic or manual patch automation.
To allow the patch to install:
- Open the policy or automation where the Windows patch configuration is set.
- Click Modify.
- Go to the patch configuration section that contains the ignored KB numbers.
- Deselect or remove KB5089549 from the Ignore list.
- Save the policy.
- Retry the patch deployment.
If the goal is to install all critical patches, the Ignore list should be left empty unless there are specific patches that must be blocked.
Best Regards,
Isabel Lora
Hexnode UEM
That explains it. I had selected the KB from the available updates list thinking that it would include it for installation. So if I want that update installed, I should leave it unselected in the Ignore section, correct?
Correct @maevee. Selecting a KB in the Ignore section tells Hexnode to block that patch from being installed. Leave it unselected if you want the automatic critical patch policy or manual patch deployment to install it. Only add a KB number to the Ignore list when you intentionally want to exclude that update from deployment.
Best Regards,
Isabel Lora
Hexnode UEM
Is there a way to push only one specific Windows patch to a group of devices instead of relying on the critical severity automation?
Yes. For selective patch deployment, use Manual patch deployment instead of a broad automatic patch policy. Manual patch deployment lets you choose specific patches and target them to selected Windows devices. This is useful when you want to deploy a particular KB update without enabling all available critical updates through automation.
Best Regards,
Isabel Lora
Hexnode UEM