search cancel

Revised Software Updates effects on the Console

book

Article ID: 150150

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

 

Resolution

When the Vendor (e.g. Microsoft, Adobe etc.) revises an update; the Software Update Policies Advertisements, Software Update Package distribution points and code bases will be disabled in the Console and in the Symantec Database. This is due to Patch Management Solution marking a Revised Software Update as a 'new' update and options will need to be reviewed on the Import Patch Data for Windows (PMImport) policy for managing revised updates.
 
Review the descriptions of the following settings to manage this within Patch Management:

1. Automatically revise Software Update policies after importing patch data:
  • This will revise the Software Update Package by downloading the Software Bulletin and recreating the packages for the revised Software Updates at the end of downloading the cabinet files from SolutionSam.com. This will also ensure the Software Update Policy remains enabled for the, but the Revised Software Updates will be disabled.
  • Advisory: If this is not enabled; the Software Update Policy will be completely disabled. The Software Update packages will no longer have the appropriate associations to the Software Update Policy, nor will they have the necessary snapshot or code-base associations. 
    • The revised Software Updates will need to be manually downloaded via the Patch Remediation Center (PRC) to restore this functionality.
      • This is done on the Console > Action > Software > Patch Remediation Center: Highlight the revised bulletin, right-click / Recreate Package, and this will download the revised updates.
      • Warning: Downloading more than a several Software Bulletins in the PRC at once will not allow for any other Software Bulletins to be downloaded until the first job is complete. Downloading several at a time is ideal, for if a great amount of Software Bulletins are downloaded simultaneously, it will cause any new download jobs to be queued behind the initial job and it will cause a strain on the SMP Server as it works to rebuild the Software Update Packages for all managed in that job.
  • Note: Once this is enabled; it will merely only enable the process moving forward. Any Software Update Policies and Packages created prior to enablement will not be affected. 

2. Enable distribution of newly added Software Updates:
  • This will enable the Advertisement on the Advance Tab of each Software Update Policy to ensure this ‘newly added’ Software Update (e.g. it is now a version 2 or ​v3 etc. of the same Update) is being deployed to the environment. 
  • Advisory: If this not enabled; the Advertisement on the Software Update Policy > Advance tab will remain disabled for any revised Software Updates.
    • Options moving forward include:
      • Import and view the attached report.xml to see which Advertisements have been disabled. 
        • Then open each Software Update Policy > Advance tab, and re-enable the Advertisements and Save Changes to those needing to be deployed.
      • Create a backup of the Symantec Database and work through the attached SQL Script to disable ALL current Software Update Policies, and then recreate them in the PRC to ensure the Revised process will impact all of the current Software Update Policies which will be deployed to the environment.
  • Note: Once this is enabled; it will only enable the distribution of Software Update Advertisements moving forward, for any Software Update Policy Advertisements already in place will not be affected if they were created prior to this setting being enabled.

3. Disable all superseded Software Updates:
  • This will enable the system to disable the Software Update package associations in the database and the Software Update Advertisements on the Software Update Policy > Advanced tab, for each Superseded Software Update.
  • Advisory: If this is not enabled; it will merely add more load to the PMImport running the Revise check on all Software Update Policies. This is redundant for Superseded Software Updates as the Patch Filter is designed to not target anything Superseded by the Vendor, for the IsApplicable=TRUE rule logic will always target for the latest version of the Software Update provided by the Vendor. 

Attachments

SQL Script - List Software Update Policies & Disable Software Update Policies.docx get_app
Software Update Policy_Disabled Advertisements.xml get_app