KACE K1000 attempts to re-deploy Firefox that has been patched
I'm looking for feedback on the best way to handle deploying software that is also patched via KACE.
Example of patching issue:
A new workstation 'PC1' has the 'SOE - Standard' label added.
A distribution package for 'Mozilla Firefox 45.0.2 ESR' exists and has the 'SOE - Standard' label associated to it.
'Mozilla Firefox 45.0.2 ESR' is deployed to 'PC1' as it has the 'SOE - Standard' label associated to it.
The following day 'PC1' has Firefox update to 'Mozilla Firefox 45.1.0 ESR' due to KACE patching.
Next time 'PC1' is inventoried it detects 'Mozilla Firefox 45.0.2 ESR' is missing and re-installs the older version.
*Repeat cycle of patching and downgrading*
So to combat this I have a smart label assigned to the distribution package 'Mozilla Firefox 45.0.2 ESR':
Device Smart Label: Distribution - Firefox 45
Label Names = SOE - Standard AND
Software Titles does not contain 'Mozilla Firefox 45' OR
Label Names = 'Software - Mozilla Firefox 45' AND
Software Titles does not contain 'Mozilla Firefox 45'
If the PC then has the the label (SOE - Standard or Software - Mozilla Firefox 45 ) AND does not have a version of Firefox 45 already installed then the label will apply and the software will install otherwise it will not apply and patches are then handled by KACE without issue.
Is this the best way or handling this? KACE labels are not the most user friendly.