Note: The features described in this document are available starting with version 8.6 RU3
Some updates required for remediation of vulnerabilities known to Symantec Patch Management solution cannot be downloaded automatically from the corresponding software vendors’ websites.
Typical examples:
Earlier versions of Patch Management solution were not able to support such updates and they were filtered out from the datafeed (with few exceptions for Windows 10 feature updates and Oracle Java – both requiring manual workaround to get them distributed).
With automated support for manually downloaded updates (MDU) added in ITMS 8.6 RU3 they will not be filtered out from datafeed anymore but still hidden for the earlier versions of Patch Management solution.
Patch Management 8.6 RU3 or later
Create the SWU policy with MDU
To create a policy with manually downloaded updates:
Delivery of MDU will be disabled until the package becomes ready (in ‘missing’ state - doesn't contain all required files)
Example: SWU policy UI with the manually downloaded update not yet uploaded by the customer
Example: MDU uploads UI after uploading the required file
After uploading all required files (status of package changes to ‘available’), delivery of update can be enabled.
Warning: MDU package is shared among all existing SWU policies that reference it. Any change in the package affects immediately all existing policies. For example deletion of previously provided MDU using uploader, UI triggers the change of update right after closure of uploader. A new upload of a file would be required to enable its distribution again.
Updates filtering in the SWU policy:
It is possible to use new filtering criteria to find MDUs in the SWU policy
MDU Upload UI
Upload UI allows you to rename an uploaded file automatically to the name expected by the Patch Management solution (for example, Windows 10 feature updates need to be renamed based on the language and edition of the specific update distributed).
If the user commits changes to the contents of the package (by adding or deleting the files), an automatic update of distribution points is performed to notify the management server and package servers about modifications.
When a software vendor changes an update not to be downloadable automatically (replaces with a newer version, EOLs the product, etc.) this is reflected in datafeed by changing the update type to MDU. This results in update (and corresponding SWU policies) deletion for the customers of earlier versions. With Patch Management 8.6 RU3 the update and SWU policies remain intact, UI would just indicate the change of update type.
Should the user need to clean up the updates that are no more up-to-date, it’s possible using the general Patch Management solution functionality (cleanup options in Patch Data import task or disabling bulletins manually in reports).
MDU visibility in reports
It is possible to identify bulletins with MDU updates in reports ‘Software Bulletin Details’ and ‘All Software Bulletin’ as they now contain the additional column ‘Manual Download’
Additional warnings that notify the user about MDUs are shown in Distribute Software Update wizard during SWU policy creation and on the Advanced tab of SWU policy when editing it.
Hierarchy support
Software updates were traditionally not replicated from the parent Notification Server to its children but it changed for MDU use case and the content of corresponding packages will be delivered to children's Notifications Servers if:
Note:
Instructions for delivery of manually downloaded updates in releases before 8.6 RU3:
Note: these instructions are still valid for ITMS 8.6 RU3 and could be used to provide large files as direct copying to management server drive is 2-3 times faster than using MDU upload UI.