Symantec: Applicable patches not being installed
I am attempting to patch a few workstations utilizing Patch Management but am running into a trouble where "applicable" patches are not being deployed. The "Microsoft fulfillment and Vulnerability by Computer" report illustrates the patch is relevant up till now while I deploy it, the patch is not applied and the status within the client-side Agent says "Not presently applicable". I really not understand what’s going on? Anyone have any idea or any useful information on this?
Re: Symantec: Applicable patches not being installed
Just checked the "Applicability" part of the Resource manager for those software updates which are not being applied and the workstations meet the necessities listed there (for instance OS and SP level). Are there other basics that are not being met and if so how do you discover what these are? I don't see why there should be an inconsistency where the report says "Applicable" and status says "Not presently applicable". The report currently lists these updates in think below the susceptible count which I would like to clear.
Re: Symantec: Applicable patches not being installed
There are a range of troubles which can cause this to occur, including wrong or invalid registry entries, missing files (even if that typically results in a patch repeatedly reinstalling, while the rule says that a file should be edition a.b.c.d, but the file in query doesn't in fact exist to BE patched), or an error on the Symantec/Altiris side in the meaning of the IsApplicable/IsInstalled rules. Can you present a few instance bulletins and precise update .exe files that are showing as not relevant? There are quite a lot of KBs that you can utilize to determine accurately why a patch is showing as not applicable.
Re: Symantec: Applicable patches not being installed
Have you seemed at the log files for the local agent? You can utilize the RAAD tool (Remote Altiris Agent Diagnostics) obtainable or the LogViewer.exe in %ProgramFiles%\Altiris\Diagnostics on your NS. Discover all lines where the source is 'SoftwareUpdateAgent'. All time the agent starts up, the patch rules are appraised and you will see if a patch is pertinent to the workstation and after that if it is installed. Does this correspond to what you notice reported in the agent or on the NS? Have you as well attempted to remove and reconstruct the inventory?
Re: Symantec: Applicable patches not being installed
There are 2 or 3 patches which do not setup on the bulk of workstations:
- MS08-069 WindowsXP-KB954459-x86-ENU.exe
- MS08-067 WindowsXP-KB958644-x86-ENU.exe
The IsApplicable inventoryrulexml illustrates constant value = "true" for both so I seemed at the pre-reqs/applicability for these and they are Windows XP Pro SP3, that is what we have. The IsInstalled proceeds a False while I run the xml script on the client, that concurs with the Update Installed = False on the NS resource manager for the client. I as well notice "update task Enabled" = False in the NS Software Inventory for the client. Does that substance?
Re: Symantec: Applicable patches not being installed
I have seen cases where a bulletin is staged, and a policy shaped, but after that at a few points is not completely staged and necessitates the packages reshaped. If you go out to the patch remediation center and right-click on these bulletins, do you obtain the choice to reconstruct Packages? If so, reconstruct packages and your client should download productively. And apparently if Stage is noticeable there for a few reasons, do the similar.