Software Patch is a tool to create policies for third-party app patches. You can apply these policies to install or update third-party applications on selected endpoints. You can also specify whether or not Splashtop manages third-party application scans, updates or requires reboots based on a schedule.
Start with the interactive demo to walk through key setup steps and core workflows:
Interactive Demo
Or use this guide below to explore our Software Patching and features with detailed screenshots.
Supported Subscriptions
Your team must have Splashtop Autonomous Endpoint Management (AEM) enabled.
Requirements
-
Remote Side:
- Windows 10 and up; Streamer v3.7.2.0. and up.
- macOS 10.13 and up; Streamer v3.7.4.2. and up.
- Only team Owners and Admins have the ability to configure Software Patch policies.
Windows
| 4K Video Downloader Plus | Cisco Jabber | Garmin Express | Microsoft .NET 8.0 Desktop Runtime | Pandoc | Sysinternals |
| 7-Zip | Citrix Workspace | GIMP | Microsoft .NET 8.0 SDK | PDF24 Creator | Tailscale |
| 8x8 Work | ClamAV | Git | Microsoft .NET 9.0 Desktop Runtime | PDFCreator | Terraform |
| Access (Microsoft 365 Office) | ClipboardFusion | GlassWire | Microsoft .NET 9.0 SDK | PDFsam Basic | Texmaker |
| Active Presenter | CMake | Glow | Microsoft ASP.NET Core Runtime and Shared Framework | PDF-XChange Editor | TigerVNC |
| AdobeAIR | ColorMania | Google Chrome | Microsoft Edge | PDF-XChange Pro | TightVNC |
| Adobe Creative Cloud | ConEmu | Google Drive | Microsoft OLE DB Driver for SQL Server | PeaZip | TortoiseGit |
| Adobe Reader | Corretto 8 JDK | Google Earth Pro | Microsoft Visual C++ Redistributable for Visual Studio 2015-2022 | Perimeter 81 | TortoiseSVN |
| Advanced IP Scanner | CrystalDiskMark | Gpg4win | Money Manager Ex | pgAdmin 4 | Total Commander |
| Airtame | CutePDF | Graphviz | Mozilla Firefox | PingInfoView | Twingate (Client) |
| AllDup | Cyberduck | HandBrake | Mozilla Firefox ESR | Plantronics Hub | UltraVNC |
| Amazon Workspaces | DAX Studio | HeidiSQL | Mozilla Thunderbird | Plex | Vim |
| Atlassian Companion | DB Browser for SQLite | ideaMaker | MySQL Connector/ODBC Driver | Plex Media Server | VirtualBox |
| Audacity | DBeaver - Community Edition | ImageGlass | MySQL Workbench | PostgreSQL | Visual Studio Code |
| AutoIt | Dell Command | Update | IrfanView | Nitro PDF Pro | Power BI Desktop | VLC Media Player |
| AWS Command Line Interface v2 | DisplayFusion | Jabra Direct | Node.js | PowerPoint (Microsoft 365 Office) | VSCodium |
| Azure CLI | Docker CLI | Java SE Runtime Environment | Node.js LTS | PowerShell Core | WakeMeOnLan |
| Azure Data Studio | Docker Compose | JetBrains IntelliJ IDEA (Community Edition) | Notepad++ | Private Internet Access | WARP |
| Beeftext | Docker Desktop | JetBrains Pycharm Professional | Omnissa Horizon Client | Publisher (Microsoft 365 Office) | WebStorm |
| Beyond Compare | Double Commander for Windows | KeePassXC | OneDrive Desktop (Microsoft 365 Office) | Putty | Windows 10 Auto Dark Mode |
| Bitvise SSH Client | drawio-desktop | Krita | OneNote (Microsoft 365 Office) | RealVNC Server | WinMerge |
| BitWarden | Dropbox | Lens | ONLYOFFICE | RealVNC Viewer | WinRAR |
| BleachBit | Egnyte Desktop App | LibreOffice Fresh | opencode | Royal TS V7 x64 | WinSCP |
| BlueStacks | Evernote | Linkus Desktop Client | OpenOffice | SeaMonkey | Wireshark |
| Bulk Rename Utility | Everything | Maxima | OpenTofu | ShareX | WizTree |
| Calibre | Excel (Microsoft 365 Office) | Meson | Openvpn Connect | Slack | Word (Microsoft 365 Office) |
| Camtasia | FileZilla | Microsoft .NET 10.0 Desktop Runtime | Opera | Soda PDF Desktop | XnView MP |
| CCleaner | Foxit Reader | Microsoft .NET 10.0 SDK | Opera GX | Sourcetree for Windows Enterprise | Voxengo SPAN |
| Certify The Web | FreeCAD | Microsoft .NET 5.0 Desktop Runtime | OptiPNG | Splashtop Business | Zoom |
| Chef Infra Client | Freeciv | Microsoft .NET 6.0 Desktop Runtime | Outlook classic (Microsoft 365 Office) | Spring Tool Suite | Zotero |
| Chef Workstation | Freedom Scientific Fusion 2026 | Microsoft .NET 7.0 Desktop Runtime | Paint.NET | Sublime Text 4 |
Important (Microsoft Office deployments)Edition Match:
Ensure the selected package matches the currently installed Office edition (Business or Enterprise). Deploying a package for a different edition may replace the existing Office installation with the selected edition.
App Retention:
Ensure all required Office applications are selected. The underlying Office Deployment Tool (ODT) treats the selected applications as the desired configuration and may uninstall any Office application that is not selected.
MacOS
| 1Password | ChatGPT | LibreOffice | Visual Studio Code |
| 8x8 Work | Citrix Workspace | Microsoft Edge | VLC Media Player |
| Abstract | Cisco WebEx | Microsoft Excel | Wireshark |
| Adobe Acrobat Pro DC | Claude | Microsoft OneNote | Zoom |
| Adobe AIR | CotEditor | Microsoft Outlook | |
| Adobe Creative Cloud | Cursor | Microsoft Powerpoint | |
| Adobe Reader | Docker Desktop | Microsoft Teams | |
| Affinity | draw.io Desktop | Microsoft Word | |
| Airtame | Dropbox | Mozilla Thunderbird | |
| Amazon Workspaces | Evernote | OneDrive | |
| Amazon Chime | FileMaker Pro | ONLYOFFICE | |
| Asana | Foxit PDF Editor | OpenOffice | |
| Audacity | Foxit Reader | Opera | |
| Basecamp | GIMP | Opera GX | |
| Bitwarden | Google Antigravity | Real VNC Viewer | |
| Blender | Google Chrome | Safe Exam Browser | |
| Box Drive | Google Drive | Slack | |
| Brave | Google Earth Pro | Splashtop Business | |
| Bruno | Inkscape | Sublime Text | |
| CapCut | KeePassXC | Vivaldi |
Software Patch Policies
Creating Policies
You can create a policy that covers Software Patch in your web console under the Automation Endpoint Policies
Select Create Policy, edit the policy name (up to 64 characters) and description (up to 256 characters), select a Platform (currently only available for Windows and Mac) and choose a Parent.
NOTE: It is not possible to create multiple policies with the same name.
Policies can be created as enabled or disabled. Click on Create.
Creating Child Policies
To create a child policy, choose a Parent Policy when creating a new policy, or select the parent policy and, in the right-side options, select Create Child Policy.
Editing Policies
To edit existing policies, select Edit.
The options on the General tab can be classified into four sections.
Scan Schedule
This option allows you to create one or more fixed or routine scan schedules.
You can choose Daily, Weekly, or Monthly by clicking on the selector, and then set up a scan interval or time.
Update Schedule
This option allows you to configure update schedule(s) for the patch agent.
New Computer
This option ensures that the patch agent on a newly onboarded computer will initiate a scan or update immediately if the box is checked. When enabled, a computer that is newly onboarded directly into a group with this policy assigned will initiate a scan or update immediately. Computers moved into the group after onboarding will not trigger an immediate scan or update and will instead follow the next scheduled scan or update time.
Reboot Options (if required)
This option allows you to specify how the patch agent should reboot the computer, if necessary.
On the Software tab, you can choose the software you wish to manage and configure the relevant options.
Click the "Add Software" button to choose the software you want to manage from the dialog that appears. Multiple selections are possible.
There are different ways to assign policies to computers and groups. First, from the Endpoint Policies page, click on the policy and select Assign Group and Computer. Select the group and click on Assign.
Assign Policy to a Computer
The default setting of each computer is to "follow the group policy".
Individual computer policies can be edited / overridden. To do this, go to the Computers tab, and on the device you want to assign a policy to, click on Properties.
Next to the policy, click on Edit and select a Policy. Additionally, policies can be assigned in Computers → Properties.
Assign Policy to a Group
To assign a policy to a group, go to Management → Grouping. Create or edit a Computer Group and select the policy.
Editing Policies
To edit existing policies, select Edit.
When deleting a policy, the associated group's policy will roll back to the team Default Policy and its associated computers will fall back to "Follow Group".
All overrides on Computers will be deleted.
NOTE: Parent Policies with child policies cannot be deleted.
Management
In this context, an "update opportunity" refers to a new update that managed software on a managed computer can either upgrade to during the scan or has already been assigned.
A new update opportunity will be created when
- The patching agent on the computer finds a new version update during the scan.
- The patching agent is notified that the pre-approved version of the patch policy is changed and the current installed version is lower than the new approved version.
You can manage all the opportunities from the web console, under Management > Software Patch. Then select Windows or Mac Software Patch to continue.
An opportunity at a time may be in one of these states: Pending, Approved, Failed, Installed and Rejected.
- Each opportunity keeps a record of state changes.
- The Installed state is the end of an opportunity lifecycle.
- For an opportunity that never reaches the Installed state for any reasons, you can set it to the Rejected state to ignore it.
The Pending tab
All opportunities with a state of "pending" that were created within the selected time frame are displayed on this tab.
For each pending opportunity, the actions can be taken are: Approve or Reject.
- When a pending opportunity is approved or rejected, it is moved to the other tabs.
- Once a pending opportunity is approved or rejected, it will never be reverted to the pending state.
You can click on any opportunity to take an action, then click on the Actions dropdown to select Approve or Reject.
The Approved tab
All opportunities with a state of "approved" that were created within the selected time frame are displayed on this tab.
For each approved opportunity, the action can be taken is only: Reject.
- When the scheduled update is up, all the approved opportunities will start to update.
- When an approved opportunity is rejected, it is moved to the Rejected tab.
Click on any opportunity to take an action, then click on the Actions dropdown to select Reject.
The Failed tab
All opportunities with a state of "failed" that were created within the selected time frame are displayed on this tab.
For each failed opportunity, the actions can be taken are: Approve or Reject.
- When a failed opportunity is approved or rejected, it is moved to the other tabs.
Click on any opportunity to take an action, then click on the Actions dropdown to select Approve or Reject.
The Installed tab
All opportunities with a state of "installed" that were created within the selected time frame are displayed on this tab.
There is no action can be taken on an installed opportunity since it has reached the end of it’s life cycle.
The Rejected tab
All opportunities with a state of "rejected" that were created within the selected time frame are displayed on this tab.
For each rejected opportunity, the action can be taken is only: Approved.
- When a rejected opportunity is approved, it is moved to the Approved tab.
Click on any opportunity to take an action, then click on the Actions dropdown to select Approve.
When clicking on the Approve item on the menu popped by the dropdown button Action(s), it pops up the dialog displaying the options regarding the Approve action.
Select the versions you wish to use as the pre-approved versions for the selected policies. Then click on Confirm button to save the changes. Or click on Cancel button to close the dialog.
The Software Patch logs are collected under Logs > History. These logs are generated when the user clicks on the Save button on the Edit Policy page. All the changed items on the Software Patch tab generate logs one by one.
Main Scenarios
This scenario is to install a software on a computer if it is not installed. Three different policies are listed in below:
-
Policy 1: The pre-approved v0.9 will be installed and moved to the Approved tab after scan.
- Install if not present: Yes
- Pre-approved version: v0.9
- Approve new version: any
-
Policy 2: The latest version v1.0 will be installed and moved to the Approved tab after scan.
- Install if not present: Yes
- Pre-approved version: --
- Approve new version: any
-
Policy 3: The installation will be skipped since 'Install if not present' is set to No.
- Install if not present: Yes
- Pre-approved version: v0.9
- Approve new version: any
This scenario is usually used to ensure that the software version on managed computers is higher than a specific version number when vulnerabilities are addressed in that version. The pre-approved v0.9 will be installed and moved to the Approved tab after scan if the installed version is v0.8.
To manage software installations when a new update is released, you can create the following policies to determine whether to automatically approve or manually approve the new version.
-
Policy 4: The latest version v1.0 will be installed and moved to the Approved tab after scan.
- Install if not present: any
- Pre-approved version: <=v0.9
- Approve new version: Auto
-
Policy 5: The task will be moved to the Pending tab after scan.
- Install if not present: any
- Pre-approved version: <=v0.9
- Approve new version: Manual
You can implement ring updates by creating multiple Software Policies to categorize devices into different groups that receive updates at staggered intervals, allowing for more effective control over the rollout process. This approach ensures that updates are thoroughly tested before being widely deployed across all managed computers.
Use the policy inheritance for easier management.