In any case, having a need to exclude Fixlets from a Baseline implies you’re not examining the Fixlets as you include them in your baselines. You should not just create Patch Baselines based on every relevant Fixlet. You should examine each Fixlet when you add it to a patch baseline. Excluding Internet Explorer patches (or patches for any other product, for that matter), should be evident.
You haven’t said whether you’re using a dashboard, some external customization, or point-and-click to create your baselines.
In my environment, I’m using a custom dashboard to initially create a baseline, (but I examine the new baseline closely before sending it as an action!). One of the criteria I use for selecting Fixlets is “the fixlet is not already contained by an existing baseline in my custom site”. When I have a need to exclude a fixlet, I’ll create a new baseline with a relevance of “false” and a title like “Fixlets excluded from baseline patching”. Now that the Fixlet is in an existing baseline, my dashboard will not select it for any future baselines.
I can’t post my whole dashboard, but if you are using something to auto-generate your baselines this piece of Session Relevance might help:
(name of site of it, id of it, name of it) of elements of set of items 0 of
(item 0 of item 0 of it, name of item 0 of items 0 of it, item 1 of item 0 of it)
whose (true) of
((it, unique values of preceding texts of firsts " " of operating systems of applicable computers of it as lowercase) of
(fixlets of bes sites whose (name of it is contained by "Enterprise Security|Updates for Windows Applications")) whose
(fixlet flag of it AND applicable computer count of it > 0 AND (exists (applicable computers of it) whose (now - last report time of it < (60 * day)))AND (if not exists display category of it then true else display category of it is not contained by set of ("Audit"; "Bug Fix"; "Configuration"; "Definition Update"; "Hotfix"; "Microsoft Unsupported"; "Registry Setting"; "Setting"; "Uninstall"; "Update"; "Updates"; "updates")) AND name of it as lowercase does not contain "superseded" and exists default action of it),
sets of (fixlets whose ((category of it contains "Patch") and baseline flag of it) of
(bes custom sites whose (name of it = "MY_CUSTOM_SITE")))) whose
(not exists (it, elements of item 1 of it) whose
(item 0 of item 0 of item 0 of it is contained by set of source fixlets of components of component groups of item 1 of it ))
Results:
Enterprise Security, 1608805, MS16-088: Security Update for Microsoft Office - Excel 2007 SP3 - KB3115306
Enterprise Security, 1608851, MS16-088: Security Update for Microsoft Office - Outlook 2010 SP2 - KB3115246 (x64)
Enterprise Security, 1608853, MS16-088: Security Update for Microsoft Office - Outlook 2010 SP2 - KB3115246
Enterprise Security, 1608865, MS16-088: Security Update for Microsoft Office - Word 2007 SP3 - KB3115311