Symantec Management Platform (Notification Server)

Hello Everyone,

Id like to dissiminate this issue to the everyone hoping would help me trobleshoot in clearer perspective.

We have setup Altiris Notification Server at this stats.

OS of Altiris Notification Server: Microsoft Windows 2003 Enterprise Ed. 32bit
Notification Server Version 7
Patch Management Version 7 SP2


The Altiris Server is working properly.
The Patch Management have PMimport, patch staging and policy distribution.

At some time of this month,  we tested a manual Microsoft Update on one of the Altiris client and shocked us to see a security update which by understanding should be done by the Patch Management Server.
I can't point out an error log  its equivalent

Attached file is the manual update on one of the client dated June 18, 2010

How is it possible that this scenario is applicable in the Patch Management environment?
Is there any workaround to settle this?



Thanks everyone for reading and hope to see a reply from you.

-
Anthony Antiga
Secure-DNA PI, Inc

Many of high priority updates by Microsoft are not classified as security updates (and thereby released for distribution) by Altiris.

If that's the case Sir, does the Altiris have this configuration or list of category that such MS update wil considered as unclassified security updates

updates found is in my attached file.


1. KB982186
2. KB890830
3. KB978695


Thanks.

Anthony Antiga
Secure-DNA PI, Inc

AKB46252 - This will tell what is being released and or fixed (depending on any known issues). As for the three you listed.

1). .Net Framework 3.5 SP1 - not released, considered a service pack. Almost all service packs and software releases in general (for example, Internet Explorer 8) are excluded by Altiris Patch Management
2) Malicious Software Removal tool - same as above. Can be distributed (like the above) using Software Management.
3) This was actually listed as released in AKB53267, so it should be patching. Do you see it on one or two systems or multiple? I don't see any known issues as it not patching properly (that doesn't mean I didn't miss one).

Although it relates to a different question, https://kb.altiris.com/article.asp?article=48314&p=1 does say the following :

"Patch Management is designed primarily to deploy security update files that are associated with Microsoft Security Bulletins, though it is periodically used to deploy Microsoft KB updates if they are security related.  In regards to Microsoft Security Advisories, if and when they become a Security Bulletin they are always added into PMImport and deployed."

Thank you Guys.

I will gather thi helpfull information and to generate an expnantion to this matter.


Thanks a lot.

Anthony Antiga

Thank you Sir Jharing,

I'll get to the patch management to look at this process.

Thank you Sir Jharing,

I'll get to the patch management to look at this process.

When I looked at the MS10-033, i found out that there is no KB978695.

How is this happend?

Thanks Sir.

So, I'm not sure what you mean that it's not there. Check the Microsoft Technet article for further information. It does appear the actual kb978695.exe file is limited to Windows Media format runtime, but it is still grouped under MS10-033, and is listed in Altiris as being available.

Okie Sir, What I mean in it is that  in downloaded MS10-033 bulletin in Altiris Remediation Center, there is no KB978695 update.

So as in MS10-036 where i didn't find KB 982157 and MS10-039 with KB 980923..


Thanks Sir.

If you were excluding certain software resources, the patch won't appear during the pmimport.

OK Sir, Thanks for that Idea,

Id like to know which part will the exclusion of software resource will have the effect in PMimport..



Thank You.

Got it Sir, Immodifying my exclusions this time.

I'll be back after this procedure.. Again, Thank you.