I’m trying to wrap my mind around the whole “CORRUPT PATCH” idea in BigFix but I must be too dumb to understand it correctly: we are seeing a lot of fixlets (~1,600) that are listed as CORRUPT PATCH(es) but are all applicable on exactly 0 computers out of over 5,000. Some of these “corrupt patches” are from this Patch Tuesday as of 2/08/2011 and haven’t even been applied anywhere – how do they automatically get corrupted??
If these are informational and not needed, can they be deleted out of BF?
Thanks, and sorry for a potentially super-dumb question.
Not dumb at all… I was very confused the first time I saw one of those. Do they mean the BigFix patch is corrupt? Or do they mean there is corruption on the endpoint? It’s the latter.
Thank you for your reply. I did see this article, but I still don’t understand two things:
1. If the patch was never installed, how can it be corrupted on the endpoint already?
2. If it is somehow corrupted, how come it’s applicable to 0 computers out of close to 5k systems?
Also, in the “CORRUPT PATCH” example, I see two fixlets: one that is corrupt and another that isn’t. What is the point of having a corrupt fixlet? What would be the case when I’d want to deploy a “corrupt” fixlet over a normal one?
Jeremy, guess my question then is where do corrupt patches come from, if they are not applicable on any machines in BigFix? Here’s a screenshot of what I’m seeing:
If you are using BigFix 8, click the button that says “Show Non-Relevant Content”. This patch and others that don’t apply to your PCs will disappear from view but will still be there in case a PC contracts an issue with this.
Let me try to explain in another way, as our choice of “corrupt patch” wording may be a bit unfortunate. The patch being deployed itself is in no way corrupt. There are (usually) two Fixlets that deploy the exact same patch from Microsoft, as Jeremy said. If the patch is needed on the endpoint and has never been installed, the first Fixlet will be relevant/applicable on the endpoint. If the patch has been installed previously, but some component updated by the patch has regressed (so you need to reinstall the patch), the “corrupt patch” Fixlet will be relevant.
So, the fact that you aren’t seeing any applicable computers for any of the “Corrupt Patch” Fixlets you’re looking at means that no Microsoft patches have been installed but then overwritten. They may not have been fully patched, however.
Thank you for your reply, this finally makes some sense, I think. So the fact that we have 0 applicable “corrupt patches” is actually a good thing, as it means that we don’t have any machines for which the original patch got overwritten or “corrupted” in any other way, enough to trigger the “corrupt patch” fixlet. Is this correct?
That’s correct. When you see a fixlet (patch) with 0/5000 (or whatever the total # of client agents you have deployed is) listed under “Applicable Computers” that means none of your clients need the fixlet.