Client Management Suite

I created a poll regarding Patch Management here

https://www-secure.symantec.com/connect/polls/are-you-using-cms-patch-management-and-if-so-what-schedule

If there's a way for me to move the poll to CMS or add replies to that poll let me know.

I'm curious if others are using Patch on a monthly schedule like we are.  We download applicable patches the day they come out in the import, disable superseded patch policies, and begin testing the new patches internally, then a few days later send them to a sample group of users, and finally then release to all users.

Every month so far we've had a problem with at least one patch (MS or Adobe) - where it's a problem with the import or the command line switch used, etc.  Getting through to the right support person on the issues has been tough and sometimes I feel like I'm the only one reporting issues or maybe support is just too new to the product?  It seems like L1 usually doesn't have the resources to reproduce issues, even for free upgrades like Shockwave.  Often the issue takes weeks to get fixed which is tough to take for security related patches.

I also try to post about each bulletin issue here to see if others are having similar issues but don't always hear back which made me create this poll to see if others are using it more successfully than us.

We are CMS 7.1 SP2, mostly win7 clients.

We use CMS to patch about 2500 workstations, although we only patch MS patches for now.  Because of issues with new patches, we wait 2 weeks after patch Tuesday until we deploy them to our patch pilot group of about 100-150 machines.  Then 2 weeks later, we patch every workstation in the environment.

To date, we've not had a single issue with a patch.  However, now that I've said that, the wheels are likely to fall off on Friday when we deploy to the pilot group.  Wish me luck.

I've only been patching a few months, but MS seem to be more solid than the Adobe, makes sense as MS has a huge stake in making sure the patches work silently well.

This is the first MS issue I've ran into actually

https://www-secure.symantec.com/connect/forums/mswu-431-updated-feb-2012-updated-file-not-coming-down

Test PCs first Thu night, maybe 5 PCs in IT

Pilot PCs a week later, 20-50 PCs including a selection with critical apps on, maybe ones used for training on that app.

Phase 1 PCs a week later, 20% of the estate at random, I use ending in 2 or 5 where PC names are numerical.

Then the remainder a week later, just over 3 weeks after Patch Tuesday.

OnPatch wednesday I send out to about 20 machines. I give it a week then push out to the rest (860 in total so far). Had the odd hiccup but thats been an altiris issue rather than a patch issue.

I have at least one issue every month.  Maybe because I patch Adobe ?

In that case I wouldn't patch it :-)
 

I think it's pretty obvious that you're a believer in using Altiris for third-party patching and want to see it succeed and improve, but from your threads on Connect, you seem to have an issue every month with an Adobe update.  Have you reached out to the product manager for patch?  That might be a good place to share your concerns and see if there are plans for future improvement to the Adobe patch process.

I put a ticket in every time I have an issue and those tickets (eventually) get escalated and once escalated they are usually fixed pretty quickly.  I post here about each update I have issues with mainly to see if others have the issue and also so there's a public post about it for those that search and use Connect.  I try to follow up on them if they are fixed if it is something I did or a new import that fixed it.

The problem for me is gathering all the kinds of data L1 needs in order to escalate the request (it's not hard, we just go back and forth over phone calls and email until they finally are allowed to escalate).  I'm talking about weeks of time to get cases escalated.. once escalated the issue is usually addressed within a week.

I'm not sure how to reach out to a product manager, but I'd be glad to talk to anyone.  

I created this post mainly because I'm surprised more people don't run into the same issues when patches are released.  It always seems like a new issue when I report it to Symantec - I'm surprised more customers aren't putting in tickets, or maybe most people are testing (Adobe) patches the day they come out, I'm not sure.