Patch Management Solution

 View Only

  • 1.  Delete 100% compliant patch packages but keep policy management

    Posted Sep 09, 2015 03:33 PM

    I've researched a lot of articles here and see that there are processes for clearing space on package servers by deleting old packages.  My issue is that all of the methods I have found involve removing the policy.

    Like a lot of people posting here, we are running out of space on package servers and need to buy some time until the bulk of them can be upgraded.  In order to keep new patches flowing in, some space needs to be recovered and the obvious target is old patches that are already 100% distributed.  So old policies are deleted and the files are removed.

    The concern is that when the next audit comes around we will not be able to show compliance with the removed bulletins since my understanding is that Altiris doesnt manage anything it doesn't have a policy for and we can't just tell the auditor that he doesn't need to worry about critical patch MSXX-0XX since we deleted it on purpose.  That wouldn't go over too well.

    Is there any way to have Altiris delete packages after initial deployment to the enterprise and still report on compliance numbers?

    Any advice is greatly appreciated.

    - Michael



  • 2.  RE: Delete 100% compliant patch packages but keep policy management
    Best Answer

    Broadcom Employee
    Posted Sep 15, 2015 06:34 AM

    Hi Michael,

    does it mean that you need to have all reports data only in SMP Console for Audit or you can use external reporting to show your current vulnerability of managed client computers?

    What about to use a ITAnalytics and save report data per appropriate date/data/computers, before bulletin/update/policy deletion from "Symantec_CMDB" database?

    As example save current report data from ITA - Patch Vulnerability report on Parent NS

    PatchITA.jpg


    Thanks,

    IP.



  • 3.  RE: Delete 100% compliant patch packages but keep policy management

    Posted Sep 16, 2015 05:58 PM

    Thanks!  I never considered using a separate utility (I'm not sure we own that module but I'll check).  Sometimes it just takes a second pair of eyes I guess.  At least I have one more option than I had before.  Much appreciated!



  • 4.  RE: Delete 100% compliant patch packages but keep policy management

    Broadcom Employee
    Posted Sep 17, 2015 12:04 AM

    Additional note:

    1. In ITMS 7.6 release you can save "Filters" data, "Reports" data in HTML, XML, CSV files.
    2. Also Enhanced Console Views provides ability to build own report data, providing list of DataClasses and Associations and save yor custom built report in separate file or in console.