Most of our customers use Edge, Chrome, Firefox, and other popular browsers. The requirement for the SVM console is only for certain functionality in the admin console; specifically managing WSUS and creating/publishing patches. The new patch automation process does not require ActiveX, but individual patch creation does.

The SVM console simply does things browsers are not normally authorized to do. It talks directly to WSUS, it writes to the file system to create patches, etc. The need for ActiveX (and therefore Internet Explorer) is not a matter of browser support as much as a dependency to do things security otherwise restricts.

The difference in options provided when not running IE with our ActiveX control is illustrated below:

Patching Menu with IE and ActiveX

Patching Menu Without

It is common practice to restrict Internet Explorer our console web address alone in order to eliminate the risk of it being used to browse potentially malicious websites.

Because the console needs to perform actions not possible without ActiveX, it will remain a dependency of the web console. However, as an alternative, we are introducing utilities that may be leveraged to perform restricted functions offline. We introduced a tool for managing WSUS in the community and plan to offer more feature coverage via the patch daemon in the future. It is our intent to overhaul the patch daemon to accommodate many of the features that currently rely upon ActiveX while at the same time, improving the look/feel of the existing web console and its ability to support all common browsers. Look for announcements during the second half of 2021.