Patch Management does not coincide with the compliance listed in Windows Update, MBSA, WSUS or other 3rd Party Tool lists as Vulnerable.
Additionally for YUM and other tools used for patching Linux.
Patch Management 7.5.x through 8.0.x does not support all Software Updates, and does not support Software Upgrades, for current logic of the product is directed towards security update deployment.
Patch Management Solution is limited to the list provided in the Import Patch Data for Windows > Vendors and Software, for this list is all of the supported vendors and software provided by the product and is regularly updated.
Advisory: This list is populated by the Patch Management Development Team; there is no process that can be utilized to add any Vendor or Software to this list, for the IsApplicable Rule logic is targeted per this list and hard-coded into the Assessment Scan files for targeting. If additional Vendors or Software is needed to be deployed; please utilize the Manage Software Delivery Solution.
The following Software Update types are generally not supported:
Advisory / Informational Updates
Note: These updates are often provided in 'MSYY-A##' Bulletins (Example: MS12-A05)
Highlight the 'MSYY-A##' Bulletin in the Patch Remediation Center (PRC) and select 'List Software Updates' from the menu.
Advisory Updates do not necessarily have a KB Update Package, so they are often times listed as their file name on the PRC (Example: rvkroots.exe)
Additionally, the current patching for Linux is currently managed via a Server-side Targeting Resolution on the SMP Server.
Advisory: First check the release date of the desired update from the vendor, for it may have only been released within the last day or so, and Patch Management's goal is to have the updates included in the .cab file release within 24 hours for the English versions (Note: These releases generally fall on Wednesday/Friday of each week).
Additionally, if the requested Software Update is not present and it doesn't fall into the realm of unsupported updates as outlined above; review the Software Update Request with Patch Management Backline to have it reviewed for distribution.
Confirm the Software Update is not already managed by reviewing the following steps:
1. Ensure the update is not listed in the Patch Remediation Center
Go to the 'Show:' drop down in the upper left
Ensure that it is targeting 'All Software Updates' in the drop down.
Click on the refresh icon to immediate right of the 'Show' dropdown
Search for the update number only, for the search is case sensitive, and it could fail to display if the update was listed in lowercase and the search field is populated with uppercase (e.g. kb or KB).
Secondary Method for finding listed updates:
Go to the Patch Remediation Center
Highlight any Bulletin
Right-click > List Software Updates
Click on the 'List Software Updates' link in the section above the title of the page:
This will open a listing of ALL software updates
Note: this may take a long time to open in slower environments
Review the Bulletin acronyms outlined on KM: HOWTO59203
Note that updates provided by Patch Management will not be listed by these methods if the necessary vendor, software, operating system, or language categories have been disabled in the Import Patch Data (PMImport) task.
2. Search the Knowledge Management site for that individual update KB number or Bulletin Number will be listed in the release notes for each respective release of Patch Management:
3. If you have access to the Microsoft SQL Server Management Studio; run the following against the Symantec_CMDB (Database default name):
select * from Inv_Software_Update where FileName like '%UPDATENAME%' --e.g. KB123456
4. If the Software Update is unmanageable: An alternative solution is to create a custom software delivery package and task to deploy the software update. Do this if you can't wait for the update to be included in the next PMImport or if your update is only needed for your environment and is not appropriate to be included in the PMImport catalog that others will receive.
First go to the software provider's website and manually download the desired update's installation files. Then follow http://www.symantec.com/docs/HOWTO30256 to create a software package with the update files and deploy it via a managed software delivery task.
Advisory: the Linux 'Server-side Targeting Resolution' is currently being reviewed for enhancement as outlined on INFO3650. Please subscribe to that article to receive notifications when the product is updated with the 'Client-side Targeting Resolution'
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.