Best practices for avoided patch installation failures because the KBox incorrectly detects patches

Our KBox regularly detects as needed patches that in fact are not needed. These patches end up appearing as failures in my patch reporting process and are causing a lot of extra follow-up work. Please share your patching best practices with the forum. Do you label patches down to the application level to make sure no false-positive detections occur? How do you work around false-positive detections?

0 Comments   [ + ] Show comments

Answers (4)

Posted by: jkatkace 11 years ago
Purple Belt
Can you elaborate more on some specific examples of false positives you've had, including the patch id's? It may be a problem with the patch signatures or feed, and we'd like to work with Lumension on that.
Posted by: bgatech 11 years ago
Orange Senior Belt
Adobe and Quicktime were the worst. Quicktime assumed that if you didn't have the newest version, you needed the patch. This included not having Quicktime installed at all. Patch management installed Quicktime 4.3 on my servers. I finally make a group and disabled all Quicktime and Adobe patches.
Posted by: mlathrop 11 years ago
Fifth Degree Brown Belt
My recommendation is to uncheck the box to Include Software Installers (Security/Patching/Patch Subscriptions/Application Settings) This way only patches are downloaded, not full application installers.
I also intensely distrust Apple patching behavior for Windows machines, exactly for the reason you describe, so when I get new patch notifications, I disable all Apple patches for Windows.
Posted by: Llee 10 years ago
Senior Yellow Belt
This is what you want to do if you don't want inactive patches or patches you really don't want to show up in the reports:

1. Use this FAQ to exclude software installer: http://www.kace.com/support/kb/index.php?action=artikel&cat=6&id=917&artlang=en
2. Use this FAQ to build patch smart labels so it will only detect the OS or specific application patches: http://www.kace.com/support/kb/index.php?action=artikel&cat=6&id=1068&artlang=en

3. Also check out reports that only reports active patches as well in the example report section:

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ