How does patch assessment work?

Patch assessment is disabled in the default policy. Once patch assessment is enabled, computers begin an assessment. This can take several minutes. Subsequent assessments occur at the interval set in policy, which is daily by default.

Note: If computers run an assessment before Enterprise Console has downloaded patch data from Sophos for the first time, the Patch Event viewer displays no results. The download can take several hours. To check if this has completed, see the Patch updates field in Events > Patch Assessment Events.

If the patch agent cannot update from Enterprise Console, for any reason, it will continue to assess computers against the previously downloaded patch detections.

Computers are only assessed for security patches on software that is installed on the computer. If a new patch is released that supersedes an older patch, then patch assessment will no longer check for the presence of the older patch. Only the new patch will be assessed.