That’s great, thanks @BaiYunfei. Is this detection now automatically built into the patch logic process/framework, or does this have to be manually determined with each patch that is released? I.e. should this be the end of these types of issues going forward?
It’s built into relevance generation since earlier reports of this issue, and yes I would expect future kernel security-only content to be free of this issue. We are currently looking into similar concerns for .NET security-only and monthly rollups.
Update: An update for .NET Fixlets have been published (Patches for Windows, version 2730) to address similar potential issues.
It may be time to look at optimizing your end points evaluation cycle.
Do one or both of the following:
- Determine if client is being expected to evaluate too much content or content that takes too long using the client debug tool and performance counters analysis:
http://www-01.ibm.com/support/docview.wss?uid=swg21505873#clientdebuglogging
http://www-01.ibm.com/support/docview.wss?uid=swg21505873#counters
Remove any content in deployment no longer needed, stop and delete actions that are expired or no longer needed. Reduce the frequency of properties that are evaluating too frequently through Manage Properties
- Increase CPU usage of BigFix agent during patching and decrease CPU usage of agent after patching,
1 Like
All good points… I must point out however that this behavior is not happening for other “normal” pushes of fixlets we write… Response is normal relevance wise… This long pause only seems to happen on the MS quality releases 
Will increase CPU next round and report !
Hi @BaiYunfei . I think it goes for this topic, but correct me please if I’m wrong.
I have the curious situation that the fixlet for KB4012216 says I have 0 applicable computers, however the fixlet checking for KB4012213 finds hundreds of applicable computers. I understand that if KB4012216 installed then it should contain KB4012213 as well, so I was expecting it would get KB4012213 to zero as well. I might miss some knowledge here.
Hi @Laci,
From what I see, KB4012216 is the monthly rollup for Mar 2017. If you are at the latest site version, this should have been superseded by monthly rollup for Apr 2017, KB4015550. Even if those applicable computers still do not have KB4012216, it won’t be relevant.
Could you double check whether this is the case?
Another way to verify this is to download KB4012216 on one of the applicable computers and manually run it, it should still be applicable.