BigFix CA antivirus signature updates on locked clients

(imported topic written by hreich91)

I would like to know how to setup BigFix clients (our Windows servers) so that the CA antivirus signatures get updated on locked machines. We would like to have the BigFix client on all our Windows servers so that we can use the BigFix antivirus product; but we want to keep these machines locked so that patches cannot be inadvertently applied.

(imported comment written by BenKus)

Hi hreich,

Not allowing any updates is definitely the intended behavior of the locking scheme, but luckily we thought ahead on this and we do allow you to exempt actions from specific sites.

  1. Go to your BES Admin Tool.

  2. Click “Edit Masthead” on the second tab

  3. Add an “action lock exemption”. For BigFix Antivirus from CA, you will use the url:

http://sync.bigfix.com/cgi-bin/bfgather/bigfixantivirus

This is not a commonly used feature so you should test and double-check that I gave you the right info…

Ben

(imported comment written by hreich91)

Thanks greatly. Your solution worked perfectly.

(imported comment written by hreich91)

We have now migrated to the Trend Micro Core Protection Module. What URL can I use to enable pattern updates for Trend Micro?

(imported comment written by StacyLee)

I like this idea and would like to see some added functionality.

How would you add more than one URL, can this be a pick list or drop down instead?

Instead of adding a whole site in as an exception as this seems to be mean all fixlets are allowed to be deployed regardless of lock status.

How about I create a custom site and I can import in any content I need pushed out to locked machine. This seems to narrow the scope down a bit to what is allowed and make this the exception site.

(imported comment written by hreich91)

I figured out what the URL should be for Trend Micro Core Protection Module.

It’s http://sync.bigfix.com/cgi-bin/bfgather/trendcpm

My locked machines now receive their updated patterns automatically.