PatchGuard monitors Windows update compliance across your fleet, tracks days since last patch, identifies machines that are falling behind, and alerts you before vulnerabilities become breaches.
Know the update status of every machine. Track hotfixes, days since last patch, and compliance across your entire organization.
The agent queries Get-HotFix on every check-in and reports installed updates, last patch date, and total hotfix count. You always know exactly how current each machine is.
Set a maximum days-behind threshold (default: 14 days). PatchGuard alerts you when any machine exceeds that threshold, so you can remediate before vulnerabilities are exploited.
Color-coded status at a glance: green for current, yellow for behind, red for critical. Drill into any machine to see its full hotfix history and the exact date of its last update.
Set your organization's patch policy: maximum days behind, notification preferences, and compliance thresholds. Different teams can have different policies based on their risk tolerance.
Get email alerts when machines fall behind your patch policy. Notifications include the hostname, days since last update, and total hotfix count so you can prioritize remediation.
See the complete list of installed hotfixes for any machine. Track KB numbers, installation dates, and update types. Export data for compliance audits and security reviews.
One lightweight Windows service. Takes 30 seconds to deploy. Works alongside PortGuard USB control and other GuardSuite tools automatically.
The agent queries installed hotfixes on every check-in and reports last patch date, hotfix count, and installed KB numbers to your dashboard.
Define your maximum days-behind threshold. PatchGuard flags non-compliant machines and sends you alerts until they're updated.
Monitor patch compliance across all your clients from a single dashboard. Identify which client environments are falling behind and prioritize patch deployment before vulnerabilities are exploited.
Patch management is a core control in every major compliance framework. PatchGuard provides continuous evidence that your endpoints are kept up to date, not just during audit windows.
Don't have enterprise patch management tools? PatchGuard gives you visibility into patch status across your fleet without requiring WSUS, SCCM, Intune, or any other infrastructure.
Unpatched machines are the #1 attack vector. PatchGuard shows you exactly which machines are most behind, so your security team can focus remediation on the highest-risk endpoints first.
Remote workers skip updates. Their laptops fall behind. PatchGuard monitors patch status regardless of network location, alerting you when remote devices drift out of compliance.
Lab computers, teacher laptops, and shared devices need to stay patched. PatchGuard monitors them all and alerts you when machines fall behind your update schedule.
No contracts, no minimums. Cancel anytime.
Or get all GuardSuite tools for $15/device/month
No. PatchGuard monitors and reports on patch status. It shows you which machines are behind and alerts you when they exceed your threshold. Deploying updates is handled through your existing process (Windows Update, WSUS, Intune, or manual patching).
PatchGuard checks the installation date of the most recent hotfix on each machine and calculates how many days have elapsed since then. If that number exceeds your configured threshold (default 14 days), the machine is flagged as non-compliant.
Yes. PatchGuard queries installed hotfixes directly on each machine using the PortGuard agent. No WSUS, SCCM, Intune, or other patch management infrastructure is required.
PatchGuard policies are set per company/organization. If you manage multiple companies (MSP mode), each company can have its own days-behind threshold and notification settings.
PatchGuard works on Windows 10, Windows 11, and Windows Server 2016 and later. The agent runs as a lightweight Windows service and requires no additional dependencies.
Absolutely. All GuardSuite tools run as part of the same lightweight agent. Use PatchGuard for patch compliance, DriveGuard for encryption, PortGuard for USB control, and more. They all work together seamlessly.
Start monitoring patch compliance in under 5 minutes. Free for up to 5 devices.
Get Started Free