Patch Management does not provide an update that is listed vulnerable by a 3rd party tool.

Article:TECH198736  |  Created: 2012-10-22  |  Updated: 2014-10-24  |  Article URL http://www.symantec.com/docs/TECH198736
Article Type
Technical Solution

Product(s)

Issue



Patch Management does not provide an update that Windows Update, MBSA, WSUS or other 3rd Party Tool lists as Vulnerable.


Cause



Patch Management 7.1 SP1, SP2 & MP1 is limited in supporting the following update types:

  • Advisory / Informational Updates
    • Note: These updates are often provided in 'MSYY-A##' Bulletins (Example: MS12-A05)
      • Highlight the 'MSYY-A##' Bulletin in the Patch Remediation Center (PRC) and select 'List Software Updates' from the menu.
    • Advisory Updates do not necessarily have a KB Update Package, so they are often times listed as their file name on the PRC (Example: rvkroots.exe)
    • Google the Update and review the link from Microsoft (Example: http://support.microsoft.com/kb/)
      • Compare that file download with the listing from any recent 'MSYY-A##' Bulletin
    • Note: sometimes an Advisory is unable to be implemented. Please view KM: HOWTO10433.
  • Hot Fix, Fix-IT, or other update types, which require End User License Agreement acceptance prior to download
  • Third Party Updates (provided by Microsoft as a courtesy)
  • Updates that require user interaction or credentials
    • Example: KB2734642
      • This particular update requires an End User License Agreement (EULA) acceptance and an email submittance to Microsoft in order to download the package

Solution



Advisory: First check the release date of the desired update from the vendor, for it may have only been released today, and Patch Management's goal is to have the updates included in the .cab file release within 24 hours for the English versions.

Review the following resolution steps to ensure the desired update is being delivered:

1. Ensure the update is not listed in the Patch Remediation Center

  • Go to the 'Show:' drop down in the upper left
    • Ensure that it is targeting 'All Software Updates' in the drop down.
    • Click on the refresh icon to immediate right of the 'Show' dropdown
    • Search for the update number only, for the search is case sensitive, and it could fail to display if the update was listed in lowercase and the search field is populated with uppercase (e.g. kb or KB).

  • Secondary Method for finding listed updates: 
    • Go to the Patch Remediation Center
      • Highlight any Bulletin
      • Right-click > List Software Updates
      • Click on the 'List Software Updates' link in the section above the title of the page:
      • This will open a listing of ALL software updates
        • Note: this may take a long time to open in slower environments
  • Review the Bulletin acronyms outlined on KM: HOWTO59203

2. Search the Knowledge Management site for that individual update KB number or Bulletin Number will be listed in the release notes for each respective release of Patch Management:

Note: If the desired bulletin or update is not available to Patch Management and it was released / revised less than two weeks ago, then it will be slated for inclusion in the next PMImport. Import releases are scheduled on the 2nd and 4th week of each month.

3. If you have access to the Microsoft SQL Server Management Studio; run the following against the Symantec_CMDB (Database default name):

select * from Inv_Software_Update
where FileName like '%UPDATENAME%'

4. If unable to find the update via these steps; submit an enhancement request for developement to include the desired update in Patch Management. Do this if you can wait for the update to be included in the next PMImport and the update is appropriate to be included in the PMImport catalog received by all Patch Managemet users. 

If the desired update is confirmed to be not included in Patch Management; an enhancement request must be submitted to get the update reviewed and included in a future PMImport metadata release via one of the following processes:
  • Open a Support Case; include the full Software Update name, public download URL for the update package and any links that will detail the update
    • Advisory: If there is not a public URL for download; the update is automatically declined, for support cannot be added to an update that is not publically accessed
       
  • Go to https://www-secure.symantec.com/connect/ and log in or register for a SymAccount to begin the enhancement request process.
    • Select the Create Content tab and then select Idea (Figure 1).
Figure 1
 

Create Idea in Symantec Connect

 
In the Create Idea page enter an appropriate title and description of the needed update(s) in the Title and Body fields, respectively (Figure 2).
Figure 2
Title and Body in Create Idea

 

In Select a Community (required) select Endpoint Management (Figure 3). In Select one or more products (required) select Patch Management Solution (Figure 3). In Select one or two topics select How to>Patch (Figure 3).

Figure 3

Community, Products, and Topics Tags

 

Finally, click Save. A Symantec connect page will be created where you can follow progress on the enhancement request. When the update is released in the next PMImport you will have to run an Import Patch Data task to be able to deploy the update.

4. An alternative solution is to create a custom software delivery package and task to deploy the software update. Do this if you can't wait for the update to be included in the next PMImport or if your update is only needed for your environment and is not appropriate to be included in the PMImport catalog that others will receive.

First go to the software provider's website and manually download the desired update's installation files. Then follow http://www.symantec.com/docs/HOWTO30256 to create a software package with the update files and deploy it via a managed software delivery task.




Article URL http://www.symantec.com/docs/TECH198736


Terms of use for this information are found in Legal Notices