1. Symantec/
  2. Security Response/
  3. Security Updates Detail

Symantec Enterprise Security Manager - Symantec™ Enterprise Security Manager Patches module

June 24, 2010


The Patches module checks for the presence of operating system and application patches that strengthen the system security. The patch information is stored in the patch templates.

Symantec updates the patch templates with the Symantec ESM policy installer. This ensures that the updated Patch templates for supported operating systems and applications are available for the policies that are delivered with the Security Update releases. Installing this update adds or updates the Patches policy and the associated template files on the Symantec ESM manager.

This rapid response patch update for Symantec Enterprise Security Manager reports the operating systems and application patches for Windows.

Resolved issue

The following issue is resolved in this release:

In the MS10-033 bulletin, a precondition to check for the existence of DirectX 9 on the ESM agent computer has now been added in the Windows 2000 template.

This precondition is not supported on any other Windows Operating system as Microsoft bulletin does not indicate the DirectX version for the other Windows Operating systems.

Template updates

The following templates are updated in this release:

Template version Template file Application on operating system
3312 patch.ps5 Microsoft Windows 2000 Server and Windows 2000 Advanced Server
3300 patch.pw5 Microsoft Windows 2000 Professional

This rapid response policy includes updates to the Patches module templates that detect new vendor-released patches on the following operating systems:
  • Windows Vista Enterprise 32-bit
  • Windows Vista Enterprise 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008
  • Windows Server 2003 and 2008 (Itanium)
  • Windows XP Professional
  • Windows 2000 Server and Windows 2000 Advanced Server
  • Windows 2000 Professional
  • Windows 7 on x86 and Opteron
  • Windows 2008 R2 on Itanium, Opteron, and Xeon

See the Symantec Enterprise Security Manager Data Sheet [link: http://eval.veritas.com/mktginfo/enterprise/fact_sheets/ent-factsheet_enterprise_security_manager_6.5_06-2005.en-us.pdf] for specific version information.

The following applications are also supported:
  • Microsoft Internet Explorer (IE)
  • Internet Information Services Web server (IIS)
  • Microsoft SQL Server
  • Microsoft Exchange Server
  • Microsoft Internet Security and Acceleration Server
  • Microsoft Outlook Express
  • Microsoft Visual Studio
  • Microsoft Windows Media Player
  • Microsoft Windows SharePoint Services
This policy is designed for Symantec ESM agents running SU 24 or later versions of the Patch module.

For more information on the latest agents, refer to ESM Agent Downloads section on the following Symantec Security Response Web site:


ESM 6.5.x or later users: To automatically install, either use the LiveUpdate package entitled, Patch Policies – OS Comprehensive or click on the following links:

Download Patch Policy for Manager with Windows 2008 R2 agent <BestPractice_OS_Patch_Updates_2010.06.05.exe>
MD5: d84d17ef087727fed5345969633adb99

Download Patch Policy for Manager without Windows 2008 R2 agent <BestPractice_OS_Patch_Updates_2010.06.06.exe>
MD5: 9979a439218443353187e058ac7f0349
Last modified on: June 24, 2010
Security Response Blog
The State of Spam