/build/static/layout/Breadcrumb_cap_w.png

Security Question


Patching - Detect schedule is detecting more then just whats in the patching label.

05/23/2017 883 views
I am running into an issue where when I run a detect only for specific vendor patches, it also detects other vendor updates such as FireFox or Windows updates. We specifically want to control what updates are downloaded and then replicated to our 26 site replicas to control disk space on the local servers. We are subscribed to a small amount of vendors included Adobe, Oracle, FireFox, Google etc, but we specifically are NOT subscribed to Microsoft as we use WSUS for these types or updates. 

Here is my setup and was wondering if we are doing something wrong or if others have seen similar behavior. 

I created 1 detect schedules (for both Flash and Java only) and created 2 separate deployment schedules (one for Flash and one for Java) for deploying that run the following day. I also have created labels for Java Critical updates and Flash Critical updates that just look for Active Critical updates for each product. The labels properly display about 2-3 critical patches. So my understanding is this should only detect if a machine has any Adobe flash or Java Critical updates needed\missing and pull the new patches from the catalog, if not already downloaded.  But we continue to see when we add a new site (group of workstation) to the detect schedule, its detecting other updates which then in return are replicated to All sites per our replication schedule which run after hours. We are trying to limit the patches that are replicated and have only started to use patching for the smaller programs that tend to get updates on a frequent bases. .

Is this the expected behavior during any detect schedule even if you use a label to determining which patches you are looking to detect? Or is there a configuration steps I am missing? We only want to detect and then replicate Flash and Java updates at this time. 

Anyone else see this behavior or have any suggestions? 

-Michael
0 Comments   [ + ] Show comments

Comments


All Answers

0
Could you specify what other patches are being detected?

If you have a Detect Job for Java and Flash, it should only ask the agent for those patches... If you are seeing more, make sure the ALL Patches option is not checked on any other Detect Schedule you may have

Now... I can think of a patch or two for Flash, that are in Windows OS format.... that is why you will need to specify.
Answered 05/23/2017 by: Channeler
Red Belt

This content is currently hidden from public view.
Reason: Removed by member request For more information, visit our FAQ's.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ