There are two ways to distribute and apply patches to devices in the management zone:
The first option automatically deploys patches based on rules and requirements you define in patch policies. The second option requires you to manually select the patches to deploy and manually configure their distribution. Both options require automated scans of devices to have a required patch list to draw from. Patches are installed according to the schedule in the applicable option, Patch Policy Settings or a remediation’s Distribution Schedule.
While there are settings you can configure to pre-fetch and pre-cache patch content if required, by default, devices request patch content on-demand from their upstream Content Server in accordance with the scheduling referenced above. If the patch is not already available in the system at that time, an Ondemand Content Master downloads the patch and delivers it to the device through the Content Server stream. For more information see Understanding Pre-Fetching and Pre-Caching of Patches.
While using patch policies is the most efficient, preferred, and recommended way to manage patches, Deploy Remediation gives you the flexibility to quickly deploy patches, custom or otherwise, that may not be covered in your patch policies.