When the Vendor (e.g. Microsoft, Adobe etc.) revises an update; the distribution points and code base for the package will be changed.
Review the descriptions of the following settings to manage this within Patch Management:
1. Automatically revise Software Update policies after importing patch data:
- This will revise the Software Update Package by downloading the Software Bulletin and recreating the packages for the revised Software Updates at the end of downloading the cabinet files from SolutionSam.com. This will also ensure the Software Update Policy remains enabled but the Revised Software Updates will be disabled.
- Advisory: If this is not enabled; the Software Update Policy will be completely disabled. The Software Update packages will no longer have the appropriate associations to the Software Update Policy, nor will they have the necessary snapshot or codebase associations.
- The revised Software Updates will need to be manually downloaded via the Patch Remediation Center (PRC) to restore this functionality. This is done on the Console > Action > Software > Patch Remediation Center: Highlight the revised bulletin, right-click / Recreate Package, and this will download the revised updates.
- Note: Once this is enabled; it will merely only enable the process moving forward. Any Software Update Policies and Packages created prior to enablement will not be affected.
2. Enable distribution of newly added Software Updates:
- This will enable the Advertisement on the Advance Tab of each Software Update Policy to ensure this ‘newly added’ Software Update (e.g. it is now a version 2 or v3 etc. of the same Update) is being deployed to the environment.
- Advisory: If this not enabled; the Advertisement on the Software Update Policy > Advance tab will remain disabled for any revised Software Updates.
- The individual Advertisements will need to be manually enabled on each of the affected Software Update Policies on the Advance tab.
- Note: Once this is enabled; it will only enable the distribution of Software Update Advertisements moving forward; please view the attached report to see which Advertisements have been disabled. This report can be implemented via the Console in a custom SQL Report or ran directly through the SQL Server Management Studio against the Symantec Database.
3. Disable all superseded Software Updates:
- This will enable the system to disable the Software Update package associations in the database and the Software Update Advertisements on the Software Update Policy > Advanced tab, for each Superseded Software Update.
- Advisory: If this is not enabled; it will add more load to the PMImport running the Revise check on all Software Update Policies. This is redundant for Superseded Software Updates as the Patch Filter is designed to not target anything Superseded by the Vendor, for the IsApplicable=TRUE rule logic will always target for the latest version of the Software Update provided by the Vendor.
Informational: Once enabled; these processes only affect the Software Update Policies moving forward. This process is not retroactive and will not enable the advertisements for revised Software Updates prior to this setting being enabled.
- Review the following options regarding Software Update Policies already in place prior to the enablement of this setting, for either one of them will assist with this behavior moving forward:
- Option 1: Manually enable the advertisements for the affected Software Update Policies > Advanced tab to push tout in the environment.
- Import the attached Custom SQL Report (Software Update Policy_Disabled Advertisements.xml) into the console to view Software Update Policies with disabled advertisements in this custom report.
- Save xml file on the SMP Server
- Open the Console > Reports > All Reports > Software > Patch Management; highlight the respective folder to hold the report, right-click > Import, and select the xml saved.
- Note: There is a right-click option added to this report to take you directly to the affected Software Update Policy. This is not intended to display the listed names of the disabled Software Update Advertisements, for the review on the policy is still going to be in order to re-enable them.
- Option 2: Disable the unaffected Software Update Policies and recreate them, so they will be updated moving forward.
- Disable the affected Software Update Policies for 3-5 days and then they can be deleted. This is to ensure you do not get every targeted client throwing an error 'Item not found' in the SMP Logs. Once all targeted clients confirm the change in status for the disabled policy; the Software Update Policies can be deleted.
- Assistance: Disabling multiple Software Updates can be time consuming; please view the attached doc (Find & Disable Software Update Policies.sql) in the Microsoft SQL Server Management Studio to assist with disabling the unwanted Software Update Policies through the database.
- Caution: best practice is to ENSURE CURRENT BACKUP OF THE DATABASE IS IN PLACE, for any scripts ran to update any items manually may cause adverse effects or undesirable results.
- Note: The Console GUI may not display this status right away due to the database being altered; refresh the Console page on the browser to confirm disabled status.
Advisory: An enhancement request has been submitted to review the naming convention of this process, for the wording '...newly added...' tends to promote the idea that the current month's released updates will be distributed.