Kualo / docs
On this page

Getting started with self-hosted Patchman: kill malware and fix vulnerable websites

Complete your Patchman policy setup to start detecting and remediating malware and vulnerabilities on your server.

2 min read Updated 4 Jun 2026

This guide is for clients on Cloud or Dedicated hosting. Once you have ordered Patchman, you need to complete your policy setup before it can start actioning events on your server.

What policies do

Policies control three things:

  • What happens when a new detection is made (e.g. patch, quarantine, notify)
  • Which end users are notified about detections
  • Which end users can see their detections in the portal

To get started, log in to your Patchman dashboard and click on your Default policy.

Recommended policy settings

Vulnerabilities

Send a notification to your users as soon as a vulnerability is detected. Where possible, patch the vulnerability immediately. If you prefer to give users time to update their applications themselves, that is fine, but always advise them to update their software promptly.

Malware

Quarantine malware files as soon as possible to prevent abuse or further damage.

Outdated applications

Use the reminder action rather than the detection event to notify users about outdated applications. This gives them a chance to update before any automated action is taken. Bear in mind that the installed version information shown in the portal may be out of date until the next full server scan. Note that vulnerabilities in the same application may also be detected separately (see above).

Operational hours

This setting lets you restrict the hours during which policy actions are carried out. Outside those hours, detections are still recorded, but no tasks run and no emails are sent to end users - those actions are held until operational hours resume. This is useful if you want actions to happen only when your support team is available.

Customising email templates

For each event and task, you can choose which email template is used to notify the end user. Templates are configured per policy, so you can provide different messaging for different groups of users.

Each email template is inserted into a base template that defines the overall design. Every template has two parts:

  • HTML template - the rich version most users see in their email client. Patchman inlines all CSS automatically when rendering, but you should still test your emails in the most popular clients, as HTML support varies widely.
  • Text template - a plain-text fallback for clients that do not support HTML. When you edit an HTML template, Patchman will attempt to generate a text version automatically.

To edit the base template, click the Edit base template button in the top right of the Patchman dashboard.

For full details on email templates, special tags, and template context, see Patchman email template editing.

Finishing up

Once you have configured your events and templates, let us know so we can fully activate your account. If you need any help, please contact us.

Was this helpful?
Your feedback helps us find gaps in the docs.
Related articles
Patchman
An introduction to Patchman
Patchman scans your hosting account for outdated applications, vulnerabilities, and malwar...
Patchman
Accessing Patchman via cPanel
Patchman scans your hosting account for vulnerabilities. Here is how to open its dashboard...
Patchman
Understanding account vulnerabilities
Find out why outdated software leaves your website open to attack and what Kualo does to h...
Patchman
Reverting Patchman patches
If a Patchman patch causes a problem with your site, you can undo it from the Patchman das...
Still need a hand?
Real people, around the clock - start a chat or open a ticket and we'll help you put it right.
Contact us Start a chat