Patch Configuration: Granular Control Over Blackout Hours
The new Patch Configuration feature in CYRISMA provides administrators with fine-tuned control over how and when patches are deployed across customer environments. Whether you’re protecting critical systems or managing operational uptime, this feature ensures maximum flexibility with minimal disruption.
Written by Liam Downward
Updated at May 1st, 2025
- User Manual
- Self Onboarding Guide
- Agents
- The Cyber Risk Assessment Process
- PSA Integrations
- General Questions and Troubleshooting
- The Cyber Risk Assessment Process (Video Tutorials)
- Sales and Prospecting Articles
- CYRISMA Partner Portal Access
- Glossary
- API Documents
- CYRISMA Change Log
- Support Ticket SLA
- Billing Questions
Table of Contents
🛠️ Key Capabilities
✅ Exclude Specific Machines from Patching
Prevent certain devices—such as critical servers or legacy systems—from receiving automatic patches.
Ideal for sensitive systems that require manual updates or downtime coordination.
Helps avoid patch-related compatibility issues.
⛔ Block Third-Party Applications from Auto-Patching
Designate which third-party applications should not be patched automatically.
Useful for apps that are known to break with certain updates.
Maintains operational stability and compatibility for client environments.
🕒 Define Patch Blackout Times
Create blackout windows to temporarily pause patching during critical hours (e.g., 11:30 AM – 4:00 PM).
Prevents interruptions during peak usage or business-critical operations.
Ensures patches are only applied during safe, predefined windows.
📋 How to Configure
Navigate to:Vulnerability Scan > Patch Manager > Patch Config
⚙️ Patch Configurations – Field Breakdown
The Patch Configurations window allows administrators to control automatic patching behavior with precision. Below is an explanation of each field:
🔘 Auto Patch
Yes / No toggle to enable or disable automatic patching on the selected systems.
⏳ Auto Patch Installation Delay (Hours)
Set a delay period (e.g., 12 Hours) before a patch is installed after detection.
Useful for scheduling updates during off-peak hours or allowing time for review.
📋 No Install List
Select specific machines that should not receive automatic patches.
Ideal for excluding critical infrastructure or systems that require manual patching.
🚫 Third Party Patch Exclusion
Choose third-party applications to exclude from patching.
Prevents updates that may interfere with compatibility or custom configurations.
🕒 Blackout Hours
Set specific timeframes when automatic patching should be paused:
Blackout Start Time: Time when patching is suspended (e.g., 10:30 PM)
Blackout End Time: Time when patching can resume (e.g., 1:30 AM)
⏱️ Patches will queue during blackout periods and resume once the blackout ends.
🔄 Centralized Patch Management
This feature is part of CYRISMA’s vision to unify patching and vulnerability management under one interface. By consolidating control and reporting, partners can streamline workflows and reduce the risk of human error.