Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

NS7 Patch Management: Not just for Microsoft Patch Management Deployment

Created: 29 Jul 2009 | 11 comments
Kevin_CO's picture
23 Agree
0 Disagree
+23 23 Votes
Login to vote

How many of us have been beaten up by managing deployment for Adobe updates for the Acrobat family of products?

What about managing the deployment of the many versions of Java?  

Managing patches for any application is cumbersome at best.

If this isn't on the road map, it should be. 

What are your thoughts?  Any other products that should be considered for patch deployment via NS7?  

Comments

jharings's picture
29
Jul
2009
0 Votes 0
Login to vote

Firefox, Opera, anything with Adobe in it's name

Java is a key one, but always a little shaky in my opinion, due to version and app conflicts.

Jim Harings
HP Enterprise Services
1st Rule of Connect Club: Mark the post that helped you the most as a 'solution'. 2nd Rule of Connect Club:You must talk about Connect club.

jessek's picture
29
Jul
2009
0 Votes 0
Login to vote

Later this year

You should see this in a Patch Management update later this year.  At least that's what I've been told in meetings with Symantec.  As far as which third-party products will be patchable, that I haven't heard.  I would imagine that Sun and Adobe would be a couple of the first.

Oh, and I agree on the app compatibility.  Just because Java updates may be available through Patch Management doesn't mean we should deploy them.  I know we wouldn't be able to.

Jesse Kozikowski
Aspirus, Inc.

Andrew Bosch's picture
29
Jul
2009
1 Vote +1
Login to vote

Adobe patching

Patching Adobe Reader, Acrobat, and Flash will be available with CMS 7.0 SP1 due out in September.  Sun Java is next on the list... 

------------------------------------
Principal SQA Engineer
Symantec

Pascal.KOTTE at BECHTLE's picture
31
Jul
2009
1 Vote +1
Login to vote

Hi, I don't think "Patch management" should handle all those

Hello, The new Altiris CMS 7 "Software Catalog" & "Compliance check" model is best design for "upgrading" software.
Patch management 7 of CMS should integrate, MacOS, Patches, basic integrated OS & security software parts, that is "small update" or hot-fix for security reason, and minor "hot-fix" for bugs without changing any software feature, it is OK.

So, do not mix: Patch management provide "security compliance" view, with updating software, not "upgrading".
The 2 models parts should be separated, all the same the major Editor "design model" drived from Microsoft Update, is really not the good one !!! Just one more blame on Billy.

We do not want of a patch management providing us "automatically" IE 8 or SP 3 !!!
We do want Patch management giving us advice & alerting about security issues status.
Nice to have: minor "hot-fix" for known bugs, not more.

For other software upgrade, please Symantec & Software partners editor, do not use "Patch", do the use of the existing & predefined Altiris model proposal, that is:
DATA PROVIDER MANAGEMENT, updating the Software Catalogs.
imagebrowser image

We would like an automatic "download" area for those software (like does patch), where we can select what we want, avoid us to search & download manually.
And extend automatically the Altiris 7 Software Catalog to add any "inventory rule", "software dependencies & superseded"... That's enough to simply manage "software updating".

For those don't see this already: "Software Deploy" Altiris 6 does not exists any more. In the "Software Management" Altiris 7: We are now making "software compliance & remediation", including daily (or more) check of the software installation status, & remediate (like adding a SP or any update, the provider should simply publish to us).

see also: https://www-secure.symantec.com/connect/articles/reaching-perfect-state-software-state-management
Enjoy Altiris 7 ;-)

~Pascal @ Bechtle~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF&l

buzz's picture
07
Aug
2009
0 Votes 0
Login to vote

 I'd be interested in the

 I'd be interested in the Adobe, Java, Quicktime products for certain.  We don't use Firefox here currently but I could see the need for that as well.  Citrix clients are a nightmare also.

My other issue with Patch currently is that our Corporate parent is a big proponent of WSUS even though it is very unfriendly to end users.  It's frustrating not to have all of the items available in WSUS available in Patch or CMS.  Granted I can always create software delivery packages but service packs & these non-security updates are all pretty standard.  It would save me a lot of time.

jjesse's picture
06
Sep
2009
0 Votes 0
Login to vote

Currently testing Adobe Patch in Service Pack 1

On beta.altiris.com Service Pack 1 of CMS is in release candidate state.  Feel free to download and test it, including patching Adobe.

Jonathan Jesse Practice Principal ITS Partners

pro.gti's picture
20
Oct
2010
1 Vote +1
Login to vote

Java Patching in CMS

CMS should have Java Patch Management capabilities, according to recent reports “Java exploits have usurped Adobe-related exploits as attackers’ preferred method for breaking into Windows PCs”. 

To address this important security threat, CMS needs Java patching sooner rather than later.

bfowler25's picture
11
Mar
2011
0 Votes 0
Login to vote

adobe patching. Sometimes

adobe patching. Sometimes flashplayer does not install on a end users machine. please fix.

pwjim's picture
05
Oct
2011
0 Votes 0
Login to vote

Adobe Patching

If we use Patch Management to distribute Adobe updates/patches. Does it reset the option to advise when updates are available? We currently turn this option off.

I am only concerned about security updates, not program upgrades or versions.

JMart's picture
05
Oct
2011
1 Vote +1
Login to vote

  Third party vendors such as

 

Third party vendors such as Adobe sometimes address security issues in packages that install a full version of the application rather than in a hot fix that only updates the affected files.
 
Updates distributed as full installation packages may fail to preserve customizations made to previously installed versions of the application (e.g. turning off an auto update feature).
Customizations can be preserved by:
•Running a separate task following installation of the update; or
•Creating a transform file, adding the transform file to the package folder associated with the update, and creating a custom command line for the update package
 
Screenshots attached.
 
 
 
Transform.png Command line.png

-------------------
Justin Martin
Symantec

 

 

Pascal.KOTTE at BECHTLE's picture
20
Oct
2011
1 Vote +1
Login to vote

should native

Nice to get a patch solution able to update major version or full replacement keeping settings auto.

~Pascal @ Bechtle~ Do you speak French? Et utilisez Altiris: venez nous rejoindre sur le GUASF&l