Deployment and Imaging Group

  • 1.  how the patch management works from beginning

    Posted Jun 04, 2015 11:05 AM
    How the patch management works from the beginning:

    How does a machine get a patch?
    How does patch management know that a patch has to be installed on the end user machine?
    How does the end user machine communicate with patch management?
    How to stage the patch?
    What is the Windows assessment scan?
    What is PM import?
    What is Inventory cache.ibd?
    What is Qchain?
    What is AexPatchAssessment.exe?
    How does a patch get deployed?

    Wanted to understand in detail what the functions of each component in patch management are, and if there is any diagram or flow chart which gives the patch management process, please share the same.


  • 2.  RE: how the patch management works from beginning
    Best Answer

    Posted Jun 06, 2015 11:46 PM
    Hello,

    Let me start by suggesting this: https://support.symantec.com/en_US/article.DOC5768.html

    I will try to keep this very high level, but feel free to ask more questions.

    Patch management, when configured, will reach out to a Symantec site (usually daily, off hours 1:00am etc) and download a file, which is the PMImport task or Patch Management Import. This is essentially a large list of all vendor patches (after you select specific software and vendors) and their specific criteria. Once this runs, any patches released to Symantec since the last time the PMImport ran will be available to you for download and distribution.

    The next thing that will happen on the workstation side, once inventory has run at least once, is a Windows System Assessment scan. Here, we are taking data about all applicable patches and checking each one on the workstation for applicability. This is then returned to the notification server and processed the same way as inventory.

    To stage one of these updates, your best bet would be to go to ACTIONS, SOFTWARE and then to PATCH REMEDIATION CENTER. Here you have several views available. I usually stick to WINDOWS BULLETINS, but feel free to look at individual updates also. Either way, right-click the bulletin(s) that you would like to download and click download. This will pull them into the notification server.

    To actually create a patch policy, once the download is finished, right-click again and select DISTRIBUTE. You will then be presented with a policy wizard where you essentially fill in the blanks and you are done.

    If the update is applicable, it will be installed during the next patch cycle as you have defined it in the Patch Management settings. The patch should reflect success as the compliance rises at that point.

    Wash, rinse, repeat.

    Hope this helps,
    Paul


  • 3.  RE: how the patch management works from beginning
    Best Answer

    Posted Jun 06, 2015 11:49 PM
    Also, QChain, I'm not familiar with.

    AeXPatchAssessment is the actual tool used by patch management, among others. My best use for this is to speed up a patch cycle by running

    "c:\Program Files\Altiris\Agents\Patch Management\AeXPatchAssessment.exe" /Xa

    This will force start the update cycle. Sometimes handy for troubleshooting.

    Inventory cache, if I'm not mistaken, is created after the assessment scan runs. There has only ever been a handful of times when I had to delete this.

    All in all, patch management solution is pretty solid.

    Paul


  • 4.  RE: how the patch management works from beginning

    Posted Jun 06, 2015 11:51 PM
    Pardon the poor grammar @sent from my iPhone


  • 5.  RE: how the patch management works from beginning
    Best Answer

    Trusted Advisor
    Posted Jun 08, 2015 11:55 AM

    Qchain was used by Windows pre-Vista/2008 to allow multiple patches to execute in succession without requiring a reboot.  It's no longer needed.