Manual Downgrade Strategy: Reverting BigFix Agent from 11.0.4.60 to 11.0.3.82 for Compliance (Windows)

While we usually look forward to the latest features, certain environment-specific compliance requirements or technical edge cases might necessitate a version rollback.

Since the BigFix agent doesn't natively support "downgrading" via a standard upgrade task, I wanted to share a robust method to automate this across a high volume of endpoints using a detached batch script. This ensures the process completes even after the 11.0.4 agent is uninstalled. (The sample used is BigFix agent version 11.0.4.60, downgraded to 11.0.3.82.)

We use a Custom Fixlet that bundles the BESRemove Utility and the 11.0.3.82 Installer. To bypass network connection issues (like PowerShell DownloadFile errors), we use the BigFix prefetch block.

Relevance - version of client = "11.0.4.60"

Action Script -
begin prefetch block
add nohash prefetch item url=http://your-server:52311/BigFix-BES-Client-11.0.3.82.exe
add nohash prefetch item url=http://your-server:52311/BESRemove11.0.3.82.exe
end prefetch block

// Setup local staging
dos mkdir "C:\temp"
move "__Download\BigFix-BES-Client-11.0.3.82.exe" "C:\temp\BigFix-BES-Client-11.0.3.82.exe"
move "__Download\BESRemove11.0.3.82.exe" "C:\temp\BESRemove11.0.3.82.exe"
copy "{pathname of client folder of site "actionsite"}/actionsite.afxm" "C:\temp\actionsite.afxm"

// Create the Detached Swap Script
createfile until END_OF_BATCH
@echo off
timeout /t 60 /nobreak
net stop BESClient /y
"C:\temp\BESRemove11.0.3.82.exe" /client /silent /force

:WAIT
timeout /t 5 /nobreak
if exist "C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe" goto WAIT

:: Cleanup leftovers from 11.0.4
if exist "C:\Program Files (x86)\BigFix Enterprise\BES Client\FIPSModules" rmdir /s /q "C:\Program Files (x86)\BigFix Enterprise\BES Client\FIPSModules"

"C:\temp\BigFix-BES-Client-11.0.3.82.exe" /s /v/qn
net start BESClient
END_OF_BATCH

delete "C:\temp\downgrade.bat"
move __createfile "C:\temp\downgrade.bat"

// Launch background process
run cmd.exe /c "C:\temp\downgrade.bat"

Once the BigFix agent is downgraded to version 11.0.3, the tasks below were used to clean up the files created -
delete "C:\temp\actionsite.afxm"
delete "C:\temp\BESRemove11.0.3.82.exe"
delete "C:\temp\BigFix-BES-Client-11.0.3.82.exe"
delete "C:\temp\downgrade.bat"

2 Likes
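
Added example, not part of the original post: the Fixlet above downloads both executables with `add nohash prefetch item`, so the client does not compare them against a known hash before the detached script runs them. A hash-pinned variant of the prefetch and staging steps follows; every value in angle brackets is a placeholder (an assumption), to be computed from installers obtained from a trusted source.

```bigfix-actionscript
// Added example (not from the original post). Values in <ANGLE_BRACKETS> are
// placeholders: compute them from installers obtained from a trusted source.
begin prefetch block
add prefetch item name=BigFix-BES-Client-11.0.3.82.exe sha1=<CLIENT_SHA1> size=<CLIENT_SIZE_BYTES> url=http://your-server:52311/BigFix-BES-Client-11.0.3.82.exe sha256=<CLIENT_SHA256>
add prefetch item name=BESRemove11.0.3.82.exe sha1=<BESREMOVE_SHA1> size=<BESREMOVE_SIZE_BYTES> url=http://your-server:52311/BESRemove11.0.3.82.exe sha256=<BESREMOVE_SHA256>
end prefetch block

// Setup local staging (same commands as the original script)
dos mkdir "C:\temp"
move "__Download\BigFix-BES-Client-11.0.3.82.exe" "C:\temp\BigFix-BES-Client-11.0.3.82.exe"
move "__Download\BESRemove11.0.3.82.exe" "C:\temp\BESRemove11.0.3.82.exe"

// Re-check the staged copies before the detached script is created and launched.
// The action stops at the failing line if a staged file does not match its pinned hash.
continue if {(sha256 of file "C:\temp\BigFix-BES-Client-11.0.3.82.exe") as lowercase = "<CLIENT_SHA256>" as lowercase}
continue if {(sha256 of file "C:\temp\BESRemove11.0.3.82.exe") as lowercase = "<BESREMOVE_SHA256>" as lowercase}
```

These checks cover the files only up to launch time; the batch file still runs them after its 60-second delay, so the staging folder should not be writable by non-administrators.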

I would really want to take your hard work here and change it to migrate endpoints between installations for DMZ users.

Thank you for sharing.

@Eduardo @ewilson @danilohenrique

1 Like

Looks pretty good… but does the client end up generating a new ID and therefore leave behind 2 computer objects in the BigFix Console?

Yes, unfortunately duplicate IDs will be generated. This is re-install behavior, hence a new computer ID will be created for CIs, and the duplicate ones should be removed using the BES admin tool post downgrade.