/build/static/layout/Breadcrumb_cap_w.png

Patch Detect Returns Unwanted Patches

Hi All,

I am starting to look into using our K1000 to apply patches to our machines on a schedule. I have been using patching for months now, but only for new computers as a one-and-done type thing. I just did a patch detect on my computer and don't quite understand the results. I see a few things such as a firefox update and a recommended Windows update that should not be in the list. 

My detect schedule is set to only detect on the same patch labels that we use for our subscription settings. None of these labels include installers and every label specifies that the patch be of a critical impact. My computer does not have Firefox installed so I don't know why the detect thinks that I need that on my PC. It was my understanding that if you don't have the checkbox for application installers checked in the subscription settings, you would only get updates to applications already installed on that machine.

I also don't understand why the detect is showing me disabled patches. It thinks that I need the recommended Windows patch even though every one of my patch labels specifies that the patch must be critical. I even went to my patch listing and can't find that patch at all. When I go to the patch from the detect results I see a message saying that the patch is disabled because it doesn't match any patch subscription settings.

Does anyone know why these things are showing up during the detect? Would they actually be applied if I did a deploy? Any help here would be great!

Asked 11 years ago 4431 views
0 Comments   [ + ] Show comments

Answers (3)

Posted by: jdornan 11 years ago
Red Belt
1

There is a glitch in the latest patch released by Mozilla. If you dont have the program installed instead of patching it then it installs Firefox. The workaround is to place in a lable that excludes Mozilla if it isnt installed. 

Comments:
  • Thanks for the information jdornan. Hopefully since his say "0" under the size column the KBOX won't push out the installations. - nshah 11 years ago
  • That's unfortunate. I may just take my Firefox label out of my subscription and detect deploy settings so that I don't run into any issues. Thanks for the warning. - horstj 11 years ago
Posted by: nshah 11 years ago
Red Belt
0

"My computer does not have Firefox installed so I don't know why the detect thinks that I need that on my PC. It was my understanding that if you don't have the checkbox for application installers checked in the subscription settings, you would only get updates to applications already installed on that machine."

       Did you open the patch and see if the KBOX downloaded anything? The engine has changed with 5.4/5.4 SP1. They may show up on the Patch Listing but if the Size column is "0" there is not a patch associated with the title. 


Comments:
  • Thanks for the quick response. No. The size is 0 for these patches. So will they show up as failed when I do a deploy task? Is there any way to stop those patches from showing up in my patch listing and in my patch detection results? Also, I noticed that these patches say that 53 machines (for example) are unpatched, but I have only run my patch detection task on 4 pc's. How does it know that more need it? If it is doing something else behind the scenes, why do I even need to do a detection task? - horstj 11 years ago
  • They shouldn't even go out as they may not be apart of the label you created and targeting. If they are, there isn't a patch associated with it so nothing should happen. I don't believe there is away as they are showing all the patches for 2013. When you create your filter you can remove them that way.

    The patching engine has changed and based on your settings, the KBOX can now go out and download what it detects is missing unlike the old way if everything or patches associated to a label (s). You might want to double check your patch settings. - nshah 11 years ago
Posted by: horstj 11 years ago
Brown Belt
0

nshah,

I didn't see an option to disable the kbox from downloading detected patches, but since my detection task is using the same labels as my subscription settings will that matter? I did however find this in my subscription settings:

That second box was unchecked so that should take care of seeing the disabled patches un my detect task. 

Comments:
  • What version are you running of the KBOX? Yes if the patch is disabled (gray x) you won't see the in the patch listing. From that image you may not be running the latest server and agent. - nshah 11 years ago
  • We are on v5.4.70402 on the server and v5.4.5315 of the agents. - horstj 11 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ