Patch Management Solution

 View Only

  • 1.  Patch Best Practices

    Posted May 29, 2014 07:37 PM

    Hi,

    Got NS 7.1 and node count is around 7000. I suspect how patch is setup may be causing by Task Cleanup job to be "running on demand" a little more often then desired. It is running twice a day every day as opposed to once a day

    The Windows System Assement scan is set on 24x7 schedule and runs every 8 hours. Previously it was set by last admin to be on 24x7 schedule running every 12 hours.

    The Software Update Plug-in policy is also on a 24x7 schedule and now set to run every 4 hours. Previously it was set by last admin to be on 9a-5p schedule. Can't remember the frequency it would run.

    The Windows Patch Remediation settings is on a 24x7 schedule and now set to run every 4 hours. Previously it was set by last admin to be on 24x7 schedule running every 6 hours.

     

    Suggestions for tweaking this would be greatly appreciated.

     

     

     

     



  • 2.  RE: Patch Best Practices

    Posted May 30, 2014 05:41 AM

    Is the Cleanup Task Data "Maximum number of working database rows" set to 1,000,000?

    You may need to do a one-off cleanup if the task isn't ever catching up with itself:

    "Taskinstances table growing rapidly"

    http://www.symantec.com/docs/TECH144662

    And:

    "Can't see task details after a failed run, "This task run has been deleted and cannot be vieweded or re-run. Only summary data exists - create new task"

    http://www.symantec.com/docs/TECH180203


     



  • 3.  RE: Patch Best Practices

    Posted May 30, 2014 09:19 AM

    It is set to 500,000 and for as long as I can recall it was never set higher. I can see the task details for each job. I am thinking there might be another SMS policy that has clients checking in too frequently.