Patch Management Solution

 View Only
  • 1.  HOWTO38239 Patch Cleanup Questions

    Posted Jul 14, 2017 04:39 PM

    I've noticed that the recent Microsoft bulletins have become exorbitantly large (e.g. some in the gigabyte range!) so am now forced to do some disk cleanup.  I was directed to HOWTO38239, below, although had some questions on it.

    https://support.symantec.com/en_US/article.HOWTO38239.html

    For one, Step 2 doesn't explicitly say it but after disabling a patch policy I no longer need then waiting at least 2 days, I'm actually deleting the policy itself, right?  The answer to this might be obvious but I wanted to make sure as I feel the step's heading should've had something like "disable then delete the policy".

    In Step 3 after disabling the bulletin and ensuring that the Staged status is false, what's the purpose of that "Right Click a bulletin (e.g. MS10-084) & select List software Updates" as the article doesn't state what you're looking for?

    Another thing the HOWTO doesn't address is what to do when you've combined multiple bulletins into a single policy where 1 or more of the bulletins are still relevant.



  • 2.  RE: HOWTO38239 Patch Cleanup Questions

    Posted Jul 14, 2017 08:25 PM

    On a somewhat related note, noticed a few bulletins in a Windows Superseded Bulletins report I ran which had a few bulletins with Downloaded "No" but Policies "1".  Kind of doubt I had disabled any of these so can someone explain what I'm seeing?



  • 3.  RE: HOWTO38239 Patch Cleanup Questions

    Posted Jul 18, 2017 05:08 PM

    I just deployed this month's Microsoft updates (opted for 5 of them) which totaled a whopping 10 gigs!  Really concerned about the amount of drive space MS updates are chewing up on my SMP and task server.  Anyone know if Patch Management Solution 8.1 does a better job at managing drive space?



  • 4.  RE: HOWTO38239 Patch Cleanup Questions

    Trusted Advisor
    Posted Jul 19, 2017 11:42 AM

    Don't think this really answers your questions, but I've always done one update per policy for cleanup purposes.  

    Once a month I go to the superseded report, and any policy superseded, I move it to a "disabled updates" folder.

    Once in that folder, it's easy to disable all superseded updates at once.  Then I wait at least a day and delete the policies in that folder.

    At some point during the month, I run superseded report again, right click on all superseded reports (which now show downloaded but not in a policy), right click and do disable.  This queues server to delete them.

    I used to diligently then check server space, then run Check Software Update Package Integrity and when that completes confirm patches disabled and server space was freed up.  Now I normally just let it run at the scheduled interval (once a week) as it's been working as expected for quite awhile.

    As far as I know, 8.1 doesn't change anything with patch cleanup.



  • 5.  RE: HOWTO38239 Patch Cleanup Questions

    Posted Aug 11, 2017 01:53 PM

    Can confirm that 8.1 doesn't change the process of cleanup.  Recently went through this process with the Windows 10 Cumulative Updates.



  • 6.  RE: HOWTO38239 Patch Cleanup Questions

    Posted Aug 16, 2017 02:35 PM

    wow I was looking for something like this... on a side note to it, on the PMImport job, there is a disable superseded check box so theoretically if you have that checked you should not need to go and disable the policies. I too do one patch per policy...

     



  • 7.  RE: HOWTO38239 Patch Cleanup Questions

    Trusted Advisor
    Posted Aug 17, 2017 07:04 AM

    We've always had that checkbox checked.  It disables the update, but not the policy itself.  If you go into the policy, you'll see policy is enabled, but the patches are all 'red' and not enabled within the policy.  Probably makes it safer to delete the policy right away, though, not sure.  



  • 8.  RE: HOWTO38239 Patch Cleanup Questions

    Posted Aug 17, 2017 07:13 AM
      |   view attached

    that is interesting.. yes they say you must wait at least 2d for "Update Configuration process ​" to run... is that just a simple, machine has checked in? If so then yes you should be able to delete them right away. our machines check in every 4h, so I disabled the policies yesterday and if that is true, I could delete them now. Guess I will still wait till Monday, delete policies and check folder space usage come Tuesday.

    Not sure if this is considered a lot of space being used... but this is where were at...

    143gb used



  • 9.  RE: HOWTO38239 Patch Cleanup Questions

    Posted Aug 22, 2017 09:40 AM

    Well this totally worked; however, I only gained 10gb... and this months patches added back in the 10gb... hah...

    Still this process worked! Just need MS to go cumulative with win7, then I can get rid of all the MS articles I have enabled....



  • 10.  RE: HOWTO38239 Patch Cleanup Questions

    Broadcom Employee
    Posted Jul 24, 2020 02:36 PM
    The cleanup article URLs are now: 
    https://knowledge.broadcom.com/external/article/173589 (simplified)
    https://knowledge.broadcom.com/external/article/162385 (more explanation including new features in 8.5)