Using checkpoint updates in new data feed
search cancel

Using checkpoint updates in new data feed

book

Article ID: 433671

calendar_today

Updated On:

Products

Patch Management Solution IT Management Suite

Issue/Introduction

The Patch Management MetaData Patch feed will be including Checkpoint updates from Microsoft. For more information on these updates, see Microsoft's Checkpoint cumulative updates and Microsoft Update Catalog usage article. 

Note: The checkpoint updates involve large files, so we recommend cleaning up downloaded bulletins and distribution policies per our article, Simplified Steps to Clean up Unused Software Update (Patch) Packages off the Notification and Package Servers before hand to avoid unneeded downloads of updates. For those bulletins and policies you may want to retain, see the steps below for how to successfully update them to include the new checkpoint packages. See the last step to adjust the length of time endpoints will retain the packages. 

Environment

ITMS 8.7.x, 8.8.x
Patch Management Solution

Resolution

We have enhanced our datafeed with the following: 

  1. Before importing PMImport build with checkpoint updates support, there might be lot of distributed security and non-security Windows 11 bulletins or SW (Software) Update policies.

    Command line:
     
    swuenv.bat && call "%InstallToolsPath_832C527C-B9C9-46FB-B1F1-2F35434FF90D%\AeXPatchDeployment.exe" -DeploymentId=00048504-0000-0000-0000-000000000000 -LanguageGroup=0

    Only one .msu package
    Single MS update .msu package 

    To update command line and check point update package for already distributed security and non-security Windows 11 bulletins or SW Update policies, Administrator must enable
    "Automatically revise software update policies after importing patch data" and "Enable distribution of newly added software updates" option in "Revise Software Update Policies" dialog and save changes.

    Now Administrator can start PMImport task to get new data from new check point supported Data Feed.
    During PM Import there will be information in NS logs which Patch policies require command line update and which updates require and old check point update "kb5043080" to be downloaded



  2. Using checkpoint update functionality involves inclusion of the additional KB5043080 MSU package to every staged Windows 11 bulletin kb5043080.msu package to every staged Windows 11 bulletin.
  3. To clean up space on client computers faster, Administrators can set the "Delete packages after" setting (under Settings > All Settings > Software > Patch Management > Windows Settings > "Windows Patch Remediation Settings") to delete packages sooner than the default after the distributed patch update is successfully installed. The default value is 1 week.

Choose appropriate value and save changes > click "Save and run task". 



Now all distributed patch updates will be marked to be deleted on client computers when patch policy will be successfully installed and gone from client.

Powered by Wolken Software