Video Screencast Help

How to apply Adobe Reader XI via Patch Mgmt

Created: 03 Apr 2013 | 3 comments

Hi, what i'm needing to do is send out Reader XI to about 650 XP machines using Patch Mgmt.  But after downloading the package and creating the policy for it, my patch assessment only says 6 machines are able to get this update.  We currently have Reader X on almost all machines, some may have Reader 9.

There is apparently a 'hidden filter' that is created from the PM assessment task.  Is there a way to modify this filter?  And why does PM assessment only think those 6 pc's need the update?  as far as i can tell, those 6 already have Reader XI.  Patch assessment is working fine for MS patches and seems to show correctly what patches are needed.

Since this is really a full install of Reader XI, is it really not a patch?  it is AR11-001 and is listed in the remediation patch list.

Any help would be much appreciated!

Using Ver. 7.1 sp2 and patch agent


Operating Systems:

Comments 3 CommentsJump to latest comment

Roman Vassiljev's picture

Hi Rick,

Bulletin AR11-001 is applicable only to Adobe Reader 11. Patch Management provides patches for major releases of Adobe Reader installed on computers, so it does not update Adobe Reader 10 to Adobe Reader 11. You may use Software Management Solution for deploying Adobe Reader 11 to your machines and then patch it using Patch Management Solution.


Joshua Rasmussen's picture

Hello Rick,

     In regards to your questions concerning the 'hidden filter' (a.k.a. Intersect Filter); that filter may be viewed via the SSE Reports found on KM: HOWTO52986. Import the attached .xml report, and you will find the Patch Filter report under the imported location > SSE Reports > Solutions > Patch Management > Patch Filters.

     From this report; search for the bulletin, right-click > Open in new window, and view the listed vulnerable clients. This is fairly cut-and-dry, for if it is not listed in this report, it is not vulnerable. You are unable to modify or edit this report, for it is a compilation of Client Patch Inventories compared to the IsApplicable Rules for each Software Update (hence the name 'Intersect Filter).

     In order for the clients to display as vulnerable to an update; the client's Patch Inventory must return and make the necessary resource associations to the Software Update's IsApplicable Rule. Otherwise, the report will not show the vulnerability exists as per Roman's comment above.

     If you are ever in question of whether or not the clients are returning Patch Inventory; review KM: HOWTO60750, for it details how to ensure that process is completing.

Hope this helps,


Riles's picture

Thank you both for clearing up my confusion.  Joshua, you have helped me in the past and I appreciate your expertise greatly.

We will deploy Reader XI using Software Mgmt Solution and keep it patched from there.

Thanks again,