CA Client Automation

  • 1.  how to works report Need Patch, but Don’t have

    Posted Feb 03, 2018 03:54 PM

    Hi Guys

     

    i need to know how to works the report Need Patch, but Don’t have because at the moment when I execute it I leave patches that I should not have installed since I have a subsequent one or in default a monthly roolup if someone can tell me how I can define or put it today would be very helpful

     

    thanks



  • 2.  Re: how to works report Need Patch, but Don’t have
    Best Answer

    Broadcom Employee
    Posted Feb 04, 2018 05:36 AM

    Hi Jonathan,

     

    The Patch Manager report "Need Patch, but Don’t have" is based on computers member of DSM Groups like "UPM Patch Not Found*"

    The groups "UPM Patch Not Found*" contain machines which require the patch to be installed but they have not it.

     

    If a machine belongs to one of group "UPM Patch Not Found*" it will appear in the result of report for associated patch.

     

    The groups "UPM Patch Not Found*" are based on DSM Query which contains 4 conditions (AND operator between the conditions) :

     

    1. The patch is not present in the software inventory of the machine (signature scan)

    2. The date of last execution of "Signature Scan" is more recent than date of signature of the patch.

    3. The machine has at least one software of the "Patched Software" list in the software inventory (Signature scan)

    4. The machine has at least one software of the "Conditions for targeting" list in the software inventory (Signature scan)

     

    If some machines appear in the groups "UPM Patch Not Found*" but they should not, check these 3 points :

     

    •  Make sure that DSM group has been evaluated recently or do a manual evaluation

    •  Check if Software Inventory of the machine looks correct and has been inventoried recently
      Otherwise you coud try a full inventory scan with :
      caf start amagent args -rescan_software -collect

    •  In UPM console, check the "Conditions for targeting" list 

     

     

    Example :

     

    CA - Win 2008 Post SP2 32Bit x86 OS Only - DELTA Security Rollup v1801.00

    needs

    CA - Win 2008 Post SP2 32Bit x86 OS Only - FULL Security Rollup v1712.00 Or
    CA - Win 2008 Post SP2 32Bit x86 OS Only - DELTA Security Rollup v1712.00

     

     

     

     

    Thanks.

    Regards,

    Jean-Yves