Video Screencast Help

Patch Management Reporting (Built-in or Custom)

Created: 16 Jun 2013 • Updated: 17 Jun 2013 | 5 comments
lko's picture
This issue has been solved. See solution.

I'm new to patch management and I am struggling with the reports inside the SMP 7.1 Console. 

What I am looking for is a report or even a couple reports that will provide me with the status of a software update policy after is has executed.  I would also like to know the status of the clients inside each software update policy and in more detail of the patches/bulletins (that were included in the policy that were to be applied which ones installed and which ones didn't, the time it took to apply the patches, ) that were not applied, or ones that failed etc.

I can't seem to find a built-in report or portal page that provides me with this information.  Does anyone know of a way to build custom reports and if so, what tables and fields contain the information I am looking for?

Operating Systems:

Comments 5 CommentsJump to latest comment

andykn101's picture

I think the best way to do this is look at the general Software Execution Report. That gives successes and failures for all or more specific software executions over the period you give it.

Other wise you can just try all the dedicated Patch Reports to see which gives you the best view of overall compliance.

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

Joshua Rasmussen's picture

Hello lko,

In addition to the report mentioned by andykn101; detailed on KM: TECH127607, you may also review the legacy (hidden) Policy Execution by Computer report.

This report can be unhidden by running the following SQL script to unhide the report (for good measure; ensure a recent backup of the database is in order before proceding):

 begin tran
 update Item
 set Attributes =0
 where Guid='F47ED416-3847-4B46-8D5B-851C075CAE7A'


--If all is in order with 1 row affected; run the following:
commit tran

--If undesired return occurs; run the following:
rollback tran

This report is hidden as the product has evolved from the original authoring; this report could time out due to the amount of data returned. Furthermore, it would be best practice to create a clone of the report, rerun the script to restore attribute =23 (default value), and use the cloned report moving forward. This will ensure the product is kept in a supported default state.

Keep in mind that the report pulls from several task tables that are purged on a daily or weekly schedule, so some columns may display n/a. Run the report as soon as updates are deployed and export the data for archive purposes before these tables are purged.

Note: problems with this report will not be supported as it was not included as part of the released product. However, I have found it to be a solid report that delivers the Computer Name, Software Bulletin, Update Name, Policy Name, Package Status, Execution Status, Return Code, Duration, Start & End Time, and Logged in User.

These reports, used in conjunction with the Compliance Reports, should provide all needed Patch Reporting data.

Hope this helps,


lko's picture

Thanks andykn101, but I don't seem to have the Software Delivery Report, I checked in the location as indicated in  TECH127607, and there is no report like this listed. I checked through my entire Software Reports folder.

Joshua Rasmussen, how exactly do I run the SQL script that you mentioned above?  I haven't gotten into this yet and I can't quite determine if I need to do this in a report or in SQL itself.

Thanks to you both.

Joshua Rasmussen's picture

The SQL script must be ran against the Symantec_CMDB (Altiris Database) via the Microsoft SQL Server Management Studio.

lko's picture

Thanks Joshua, I figured that was the case.

I think I did locate something that may suffice and is similar to the report you suggested above, in the Windows Compliance portal page, the  Windows Software Update Delivery by Execution .

Thanks all for the help.