Bigfix fixlet is different category than Microsoft

lltc · January 7, 2019, 1:13am

Hi all,

Is there a way to re-categorise a fixlet, or to at least exclude it so that it’s not relevant?

IBM have categorised KB3062591 as a Security Update for some reason, even though Microsoft have it as a Security Advisory.

3062591: Security advisory: Local Administrator Password Solution (LAPS) now available - GPO CSE and Management Tools (x64)
ID 306259107
Site Patches for Windows
Category Security Update
CVE ID Unspecified
Download Size 956 KB
Source Microsoft
Source ID KB3062591
Source Severity Unspecified
Source Release Date 1/05/2015

I don’t want this update being shown on reports for Security Updates, because it’s just not needed.
Even MS doco says that the CSE is the minimum that is required if LAPS is installed, so why does it also need the Mgmt Tools installed as Security Update.
AD Schema needs to be updated before it can be used.
This entire installation requires detailed planning.
So many reasons not to have this listed as a Security Update in BigFix.

Aram · January 7, 2019, 7:09pm

While you cannot modify a Fixlet (including its category) that is in an external site, there are at least a couple options here:

you can hide the Fixlet
if leveraging Patch Policies, you can easily exclude the Fixlet from policies

Either way, I’d recommend opening a Support Request to have the Fixlet’s category updated as appropriate.

lltc · January 8, 2019, 3:06am

Thanks. I originally hid the fixlet but it was still showing as needed in the Web Report.
However, I have now updated my relevance and it works as I would like it.

I have also logged a support case with IBM to see if it can be re-categorised.

bes fixlets whose (category of it is contained by set of ("Critical Updates";"Security Update") and globally visible flag of it = true)