Patch Policy for Just Web Browsers

Lately it seems like every week Google Chrome is releasing a new zero-day vulnerability patch. Like all patches, you want to have a process and test the patches before you roll them out to the masses. Enabling Chrome to auto-update is not a good solution, as they could roll out an update and then this could break an internal application. It is best to test patches with a test group ahead of time, as it burned me in the past where a Chrome update broke a critical application and we had to scramble. With BigFix you can create a patch policy for just your web browsers in a controlled manner to patch ahead of the normal monthly patching cycle. Now your security team can sleep better at night knowing that the new zero-day patch Chrome just released is going to be patched automatically in a controlled manner and tested.

The only issue with the weekly patch is if the patch becomes Superseded before the auto refresh, it will not be deployed to the machines.

In that case I would precache the downloads so when you deploy to your test groups the precache on your prod machines begins on the same day. This way the action is created, caching on machines waiting for the deployment. In that case they would not supersede if the action is created.

I have been working on a PoC for our workstation devices and I have observed that Chrome and Edge can be updated in the background without work interruption but when you update Firefox in the background the application stops working and the user needs to re-launch it. This is a stopper for us as we don’t want to cause the browser to stop working when someone is in the middle of a meeting or presentation, and a patch policy doesn’t have the option to send it as an offer.

@fermt, we do have the ability to send a patch policy as an offer. Please see the procedure steps and #11 in this link for more details:
https://help.hcltechsw.com/bigfix/11.0/webui/WebUI/Users_Guide/t_create_patch_policy.html
-Gus.

In that case you might want to create a separate policy for Firefox and send those out as an offer.

When you create the schedule the offer section is at the bottom.

I mean to say, it doesn’t have the option to display a message to the user and let them choose when to apply the update.