Symantec Management Platform (Notification Server)

Hello all,

Does anyone know how to force NS 7.1 to rerun a patch? The problem is with MS11-a07. Microsoft released an updated version of this patch. I need to rerun it with the latest version. I recreated the package but my workstations are not reinstalling the patch. is there a way to force the workstations to run it again even though it already ran( the old version). Any help would be appreciated.

When PMImport ("Meta Data Import" in 7.1 SP1) runs again, it will detect the updated patch and download it.  If you checked the box for 'Automatically revise Software Update policies after importing patch data', then the policies will be updated automatically with the new revision.  This will happen on the same PMImport schedule that would download new updates, configurable in the console.

If they're not running the new patch, it must have the same detection and applicability rules as the old patch.  In this case, you would want to roll back the old patch using a Run Once uninstall policy, after which systems will show vulnerable again and receive the updated patch.

Thank you for your advise. I am new to NS so dont really understand how to do a Run Once unistall. How would i go about creating a Run Once uninstall policy?

There's almost always an uninstall string in the registry.  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Do a find on this area for the patch name or KB number.  Then check the UninstallString, e.g.:

"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-1000-0000000FF1CE}" "{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" "1033" "0"

You might also find it in this location or similar for Windows 7:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products

Thank you Mclemson.