ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Need to exclude 32 bit Windows patches as there are no 32 bit computers left in the environment

book

Article ID: 172221

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

You only have 64 bit computers left in your environment and most or all of your applications are 64 bit, so you would like to exclude 32 bit patches from downloading and taking up space on your Notification Server and Package Servers. You have evaluated your environment and have determine which vendors and patches are applicable for you.

 

Note: This is a by-vendor approach, and it may not be feasible to exclude all 32 bit updates. Some vendors may only run as 32 bit applications and so would supply only 32 bit patches. Use research, caution, and limited testing, as this may affect compliance and vulnerability reporting. Review the other configuration options on the PM Import task that may affect currently downloaded updates and policies.

 

Note: This solution will only prevent future downloads of unwanted updates. To cleanup existing unwanted updates, first work through TECH232757.

Cause

The Patch Management Import (PM Import) is still configured to bring in 32 bit patch data. When this data is imported, bulletins that include 32 bit patches will download 32 bit patches even though they are not needed.

Resolution

In the Symantec Management Platform Console, navigate to Home > Patch Management > Windows > MetaData Import Task (or to Manage > Jobs and Tasks > System Jobs and Tasks > Software > Patch Management > Import Patch Data for Windows).

Open up the Vendors and Software section and verify that a recent Vendor Import has run. Note that this is not a scheduled import and must be manually run occasionally.

Open up each vendor and search through the list of available products to choose those appropriate for your environment. Note that some vendors will list two items and that one may include x64 or x86 - each vendor may be different in how this is listed, if at all. In some cases there may not be an option to exclude updates based on whether they are 32 or 64 bit.

 

Once the vendor selection is complete, Click Save Changes and either wait for the next scheduled PM Import or click New Schedule to initiate a new import.

 

When you create new distribution policies, you will see that those bulletins that include 32 and 64 bit versions of the updates will only show the selected versions per the vendor list.