Get Started with Patch Policy

Use the Patch Policy application to establish continuous patching across your enterprise. A patch policy is a set of criteria that defines a patch list; that is, a collection of Fixlets that meet the patching criteria of a specific set of endpoints. Create patching schedules for different groups of machines and assign different deployment behaviors to each. Set patch timing, frequency and duration, pre-caching and retry behavior. Stagger start times, bypass errors, and notify device owners when a restart is pending.

Implement a patching strategy that meets your organization’s patching cycles and security guidelines. Use patch policies to establish and maintain a process of continuous security and compliance for your organization. Patch Policies currently supports Windows and Red Hat Enterprise Linux (RHEL) patching.


  • BigFix Platform version 9.5.5, or above.
  • BigFix WebUI installed and running.
  • Subscriptions to all applicable BigFix patch sites.

Patch Policies supports the Windows and Red Hat Enterprise Linux (RHEL) patch sites. From the BigFix Console, enable any patch sites that are relevant to your deployment, and subscribe all computers to those sites.