Im new to a company that utilizes BigFix managed by a third party. During this last update we ran into some issues:
a) We had some machines attempt to install a patch, reboot and then remove it.
b) We had 5 machines bluescreen and die.
Now, the theory is that perhaps the users had Windows Update run which in turn put certain patches before others. Installing them in the wrong order. My question is, BigFix has an inventory, shouldnt there be some kind of logic check be run before the machine starts installing patches ?
Usually such logic would be built in to the patches themselves, so we might expect a patch to fail (due to prerequisites), then configure the action to retry after a reboot (and the patch completes successfully after the prereq is met.)
If the machine is bluescreening, we’d start troubleshooting what is wrong with a patch or with the machine configuration, often starting with antivirus or drivers (as only kernel-mode apps should be able to trigger a full bluescreen)