How do I deny a patch in Software Management?
It is good practice to test OS or application patches before rolling them out to your managed machines. This testing should cover various platforms: OSes, hardware, software, etc. This testing will limit the chance of a patch causing widespread
During this testing, you may find that a patch or update causes issues in your environment, and you may wish to deny this patch or update so that it is not deployed to your managed machines.
By default, Software Management sets any new patches to "Review", meaning that they will not be deployed automatically.
If you wish to ensure that a patch is never installed, you can create an "Override". An override is a rule based on specific details, such as a Description, KB Number, Vendor, etc.
How to create an override for a patch
1. Navigate to Software Management > Override.
2. Select "New".
3. You may want to call this "Denied Patches", so that you can add any additional patches to this override in future, if needed.
   For the column values: for Field choose "KB#", for Operator choose "Contains", and for Value insert the KB of the patch you want to suppress.
4. Click Save.
5. To apply, navigate to Software Management > Machines > Assign Profiles, drag and drop the Override profile, and click Assign.
6. When a scan runs, the Override settings are taken into account. If the scanned machine is missing the given patch, the Override will apply the "Suppress" flag to the patch, ensuring that it is not installed.