Import Patch Data for Windows (PMImport) upgraded on 3/27/2017 from version 7.1.x to 7.2.x which included new deployment mechanism for Software Updates. Going forward all newly added Software Updates will use new deployment mechanisms with new type of deployment command line.
Besides newly added, revised Software Updates will also use new deployment mechanism. Already created policies for such revised Software Updates will need to be recreated or updated using revise task.
Some of revised updates may change name of deployment files required by new deployment mechanism. Bulletins for such updates should be re-downloaded manually or automatically using revise task.
New deployment mechanism will now use %ProgramData% (%CommonAppData% on Windows XP) system folders to store temporary deployment files. Make sure user account used for deployment have enough permissions to read/write in this system folder. Any temporary files from previous deployment older than 5 days are cleaned up before starting next deployment.
New deployment mechanism introduced security hardening by validating signatures of files used during update deployments. Ensure that your endpoints have valid root/intermediate certificates used by Software Vendors detailed in INFO4345 and how to install them detailed on TECH240150.
Individual Operating Systems will need updated certificates to run the updated Windows System Assessment Scan as outlined in TECH239756.
Individual Operating Systems will also need the Task Scheduler service Started and Automatic as outlined in TECH246450.
Note: For Windows 2003/XP client machines you may require to install the following updates to support SHA256 certificates:
And import the attached timestamp certificate ‘Symantec SHA256 TimeStamping CA'.