Hi All,

I am starting to look into using our K1000 to apply patches to our machines on a schedule. I have been using patching for months now, but only for new computers as a one-and-done type thing. I just did a patch detect on my computer and don't quite understand the results. I see a few things such as a firefox update and a recommended Windows update that should not be in the list. 

My detect schedule is set to only detect on the same patch labels that we use for our subscription settings. None of these labels include installers and every label specifies that the patch be of a critical impact. My computer does not have Firefox installed so I don't know why the detect thinks that I need that on my PC. It was my understanding that if you don't have the checkbox for application installers checked in the subscription settings, you would only get updates to applications already installed on that machine.

I also don't understand why the detect is showing me disabled patches. It thinks that I need the recommended Windows patch even though every one of my patch labels specifies that the patch must be critical. I even went to my patch listing and can't find that patch at all. When I go to the patch from the detect results I see a message saying that the patch is disabled because it doesn't match any patch subscription settings.

Does anyone know why these things are showing up during the detect? Would they actually be applied if I did a deploy? Any help here would be great!

0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

1

There is a glitch in the latest patch released by Mozilla. If you dont have the program installed instead of patching it then it installs Firefox. The workaround is to place in a lable that excludes Mozilla if it isnt installed. 

Answered 03/05/2013 by: jdornan
Red Belt

  • Thanks for the information jdornan. Hopefully since his say "0" under the size column the KBOX won't push out the installations.
  • That's unfortunate. I may just take my Firefox label out of my subscription and detect deploy settings so that I don't run into any issues. Thanks for the warning.
Please log in to comment

Answers

0

"My computer does not have Firefox installed so I don't know why the detect thinks that I need that on my PC. It was my understanding that if you don't have the checkbox for application installers checked in the subscription settings, you would only get updates to applications already installed on that machine."

       Did you open the patch and see if the KBOX downloaded anything? The engine has changed with 5.4/5.4 SP1. They may show up on the Patch Listing but if the Size column is "0" there is not a patch associated with the title. 


Answered 03/05/2013 by: nshah
Red Belt

  • Thanks for the quick response. No. The size is 0 for these patches. So will they show up as failed when I do a deploy task? Is there any way to stop those patches from showing up in my patch listing and in my patch detection results? Also, I noticed that these patches say that 53 machines (for example) are unpatched, but I have only run my patch detection task on 4 pc's. How does it know that more need it? If it is doing something else behind the scenes, why do I even need to do a detection task?
  • They shouldn't even go out as they may not be apart of the label you created and targeting. If they are, there isn't a patch associated with it so nothing should happen. I don't believe there is away as they are showing all the patches for 2013. When you create your filter you can remove them that way.

    The patching engine has changed and based on your settings, the KBOX can now go out and download what it detects is missing unlike the old way if everything or patches associated to a label (s). You might want to double check your patch settings.
Please log in to comment
0

nshah,

I didn't see an option to disable the kbox from downloading detected patches, but since my detection task is using the same labels as my subscription settings will that matter? I did however find this in my subscription settings:

That second box was unchecked so that should take care of seeing the disabled patches un my detect task. 

Answered 03/05/2013 by: horstj
Fourth Degree Green Belt

  • What version are you running of the KBOX? Yes if the patch is disabled (gray x) you won't see the in the patch listing. From that image you may not be running the latest server and agent.
  • We are on v5.4.70402 on the server and v5.4.5315 of the agents.
Please log in to comment
Answer this question or Comment on this question for clarity