Patch Management Solution

I created a policy for the 2 of these updates this morning.  An hour later or so, a few servers we have rebooted randomly.  I checked and sure enough, they applied the patches and rebooted - even though their policy says they're not to run a patch cycle until 2020 (just so things cache, and we fire the patch cycle off through task or ds jobs).

We had an issue just like this a few months ago where a few servers received the updated policy and started firing off a patch cycle.

Thankfully I was able to catch it early both times before critical servers rebooted.

The only oddity I noticed was that for a few of the patch command lines, the Symantec default was:  /passive /norestart /quiet  which surprisingly didn't cause an error.  I have changed these to be just /quiet /norestart.  They were for the XP and 2003 patches, though both of the servers that rebooted were 2008.  Not that the cycle should have started in the first place....

Has anyone else seen this issue?  2 times in the last 4 months is too frequent for my taste.

Hi RichC, Please, ensure that the newly created policies for MS12-A08 and MSWU-643 use default schedule setting. In case, for example, Install ASAP is specified in Policy - it will override the default schedule setting specified in Agent Settings. In case this is not the case, You can also check Altiris Agent log on the affected servers for the period, when Updates were installed - to find out the reason, why Updates were installed. One more option, why updates are installed off-schedule could be maintenance window. In case "override maintenance window" is not specified in the default agent settings, or in Policy schedule options, Updates Installation will fire according to maintenance windows, not taking into account specified schedule settings. Best regards, Sergei