Disabling Fixlet Download

(imported topic written by SystemAdmin)

Hi,

In our environment, all our System Admins are required to apply patches within a specified SLA. However, we noticed that sometimes, after the SA had applied all the relevant patches, one or two patches become relevant again and they were not able to comply to the SLA as they need to time test. The reason is that quite often, Bigfix amends their fixlets. Hence, the fixlet may not be relevant at one time but after the amendment, it becomes relevant.

We are exploring if we can disable downloading new fixlet (particularly Microsoft Fixlets) and only download them when a new patching exercise starts. Can Bigfix experts advise on this and whether if there is any implication to this approach.

If you guys in this forum have other method or approach, appreaciate it if you could share them.

Thanks a lot!

Cheers.

(imported comment written by BenKus)

Hi ptan,

There isn’t really a good way for you to disable Fixlet downloads without mucking with network settings on your server (which I don’t recommend). Also, note that when a Fixlet is updated, it usually is for good reasons and you might want to amend your patch procedure to take into account changes from Microsoft or BigFix so that you can deploy up-to-date patch/Fixlets…

But here is something you might want to do if you really don’t want the Fixlets to change:

  • when starting your testing, put the Fixlets in a baseline (this creates a copy of the current Fixlets)
  • test with the baseline and use the baseline results for your SLA
  • If BigFix updates the Fixlets, the baseline will still contain copies of the older Fixlet (until you click the “synchronize Fixlet” button) so you can still deploy/report from the older Fixlets.

Does that work for you?

Ben

(imported comment written by SystemAdmin)

Hi Ben,

Thanks for the quick reply. Currently, we are using the Web reporter to generate the list of servers that still have outstanding patches (using report by Computer Properties with Relevant Fixlet checked). In fact, we have created custom script to import this web report to a database.

I believe even if we would to use the baseline approach, those re-released fixlet that becomes relevant will still be reported. Is there anyway that we can filter re-released fixlet or even bether, source release date in the Web Reporter?

Cheers.

(imported comment written by SystemAdmin)

Hi Ben,

I have noticed that only re-released patch from say Microsoft, will be indicated in the fixlet name but not those amended fixlet by Bigfix. So how can I tell if a fixlet has been amended byBigfix from the console? Again, can I filter such fixlet from the Web Reporter?

Thanks.

(imported comment written by BenKus)

Hi ptan,

There isn’t a way to track each little change to the Fixlets over time, but your baselines will maintain the older versions so you can consider reporting on the baseline status rather than on the individual Fixlet status. That is the best I can think of…

Ben