How To: Supply and Deploy Patches That Can Not Be Downloaded

Version 4



    The purpose of this document is to discuss how to make patches available for deployment when they can not be downloaded through Protect or Ivanti Patch for Windows Servers.




    This can be caused by patches being moved behind a login screen, a vendor uses a static update URL,  or the patch has been removed from a public download location.




    Step 1: Obtain a copy of the needed patch

    • Download an appropriate copy of the patch from the vendor (if available). Always use any safe and reliable source to obtain the needed patch.


    Step 2: Rename Patch to match the Protect naming convention


    • In order for Protect to recognize the patch as downloaded, it will need to match the correct naming convention.
    • You will find the required file name in the Patch Information tab. Example found below:


    Step 3: Add Patch to Console Repository


    • After an appropriate copy of the patch as been downloaded and has been renamed appropriately, move the patch to the console's repository location.
    • To find the location of your repository,
      • In Protect 9.2 and earlier: Go to Tools > Operations

      • In Ivanti Patch for Windows Servers 9.3: Go to Tools>Options>Downloads


      • Console Repository is reflected under 'Patch download directory'


    • Navigate to the patch repository location (as found previously) and drop in the patch file.
    • To verify the console knows the patch is available for deployment, look for the downloaded icon to show green as shown here:

    Step 4: Deploy


    • Deploying is no different. Just select the patch and deploy as normal.


    Additional Information


    To exclude these patches from your scan please follow this guide: How To: Include or Exclude Patches from your Scan Results


    Affected Product(s)

    Protect 9.x

    Protect SDK (download caveat)

    Ivanti Patch for Windows Servers 9.3+