Hello,
Let me start by suggesting this.
https://support.symantec.com/en_US/article.DOC5768.html
I will try to keep this very high level but feel free to ask more questions. Patch management, when configured, will reach to a Symantec site (usually daily, off hours, 1:00 am, etc.) and download a file which is the PMImport task or Patch Management Import. This is essentially a large list of all vendor patches (after you select specific software and vendors) and their specific criteria. Once this runs, any patches released to Symantec since the last time the PMImport ran will be available to you for download and distribution.
The next thing that will happen on the workstation side, once inventory has run at least once, is a Windows System Assessment scan. Here, we are taking data about all applicable patches and checking each one on the workstation for applicability. This is then returned to the notification server and processed the same way as inventory.
To stage one of these updates, your best bet would be to go to ACTIONS, SOFTWARE and then to PATCH REMEDIATION CENTER. Here you have several views available. I usually stick to WINDOWS BULLETINS but feel free to look at individual updates also. Either way, right click the bulletin(s) that you would like to download and click download. This will pull them into the notification server.
To actually create a patch policy, once the download is finished, right click again and select DISTRIBUTE. You will then be presented with a policy wizard where you essentially fill in the blanks and you are done. If the update is applicable, it will be installed during the next patch cycle as you have defined it in the Patch Management settings. The patch should reflect success as the compliance rises at that point. Wash, rinse, repeat.
Hope this helps,
Paul