How To: Create a Custom Patch

Version 19

    Purpose

     

    The purpose of this document is to outline the process for creating a custom patch, and to provide an example of how to create a custom patch using Patch for Windows.

    If you have any questions about whether a product or patch is supported in Ivanti Patch for Windows Servers, please contact support before creating a custom patch. A misconfigured custom patch could cause your console to work incorrectly, so it is important that you follow these instructions precisely.

                    

    Description

     

    Create a Custom XML

     

    1. Open the custom patch editor. Tools > Custom patch editor

     

    Custom patch editor.PNG

     

    2. Click on Create a new custom XML file.

     

    Create a Custom Product

    You can add a Custom Product if this patch relates to a specific product. Although this step is not necessary, it will add detection for the product itself. In this case it is not needed, as the product is the operating system. Adding a custom product will allow you to target that application for the patch. If the product is not detected, the scan will not look for the patch.

     

    In this example, I create a product called X-Zip. You will need to provide a HKEY_LOCAL_MACHINE registry key path for the software as well as the corresponding information.

    Custom product.PNG

     

    Create a Custom Bulletin

     

    1. Click insert, then Add Bulletin (or right click Custom Bulletins > Add New Bulletin).

     

    2. Give the bulletin a name. In this example I used HF01-001 because it is a hotfix.

     

    3. Give the bulletin a title; typically this will be a description. In the summary portion, provide any important information.

     

    Bulletin.PNG

     

    The only required field is the bulletin name.

     

    Create a Custom Patch

     

    1. Click on Insert and add a custom patch (or right click Custom Patches > Add New Patch).

     

    2. Give your patch a name. In this example I used the KB as the patch name.

     

    3. Select the bulletin you created in the above steps.

     

    4. Select the type of patch, and the severity.

    Custom patch.PNG

     

    5. From here you will add the detection information in the Scan Information tab.

    This step is very important, as it determines whether the system needs this patch or not. If this is an MS patch, their KB on the patch will indicate what files or registry keys are used when detecting if the patch is needed. If this is not an MS patch and you are not sure how to detect it, it is recommended to install the patch on at least one machine to verify what files and/or registry keys are involved. In the example below we are using a file to detect if the patch is missing.

    File Details.PNG

     

    6. You can also target a particular application or operating system using the targeting tab. In this case, since this update is only applicable to Windows Server 2008 SP2 and Vista SP2, I selected all corresponding operating systems.

    • Targeting is not required, however if not specified the update will be offered for all systems that meet the scanning requirements.
    • If you added a custom product it will show under targeting available products. You will first need to save the XML and import the custom XML before your custom product will appear in the list.

    Targeting.PNG

     

    7. On the deployment tab, browse to the location of the patch and select it. Protect will automatically fill in the file size. Select any install switches that are required or desired for the patch deployment. In this case, since the file is a .msu, we need the /quiet switch.

    Deployment info.PNG

     

    Click the link for more information on using .msu files: http://community.shavlik.com/docs/DOC-1902
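
    For step 5, one way to find out which files and registry keys a non-MS patch changes is to snapshot the candidates on a test machine before and after installing it. The PowerShell below is an added example, not part of the original article or the product; the file path and registry key are placeholders to replace with your own candidates.

```powershell
# Added example: snapshot candidate detection artifacts before and after
# installing the patch on a test machine, then diff the two snapshots.
# All paths below are placeholders (assumptions), not values from this article.
function Get-DetectionSnapshot {
    param(
        [string[]]$FilePath = @(),
        [string[]]$RegistryKey = @()
    )
    foreach ($p in $FilePath) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $item = Get-Item -LiteralPath $p
            [pscustomobject]@{
                Kind  = 'File'
                Name  = $p
                Value = $item.VersionInfo.FileVersion
                Hash  = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            }
        } else {
            [pscustomobject]@{ Kind = 'File'; Name = $p; Value = '<missing>'; Hash = '' }
        }
    }
    foreach ($k in $RegistryKey) {
        if (Test-Path -LiteralPath $k) {
            $props = Get-ItemProperty -LiteralPath $k
            # .Property lists the value names stored under the key
            foreach ($n in (Get-Item -LiteralPath $k).Property) {
                [pscustomobject]@{ Kind = 'Registry'; Name = "$k\$n"; Value = [string]$props.$n; Hash = '' }
            }
        } else {
            [pscustomobject]@{ Kind = 'Registry'; Name = $k; Value = '<missing>'; Hash = '' }
        }
    }
}

$files = @('C:\Windows\System32\example.dll')              # placeholder file
$keys  = @('HKLM:\SOFTWARE\ExampleVendor\ExampleProduct')  # placeholder key

$before = Get-DetectionSnapshot -FilePath $files -RegistryKey $keys
Read-Host 'Install the patch on this test machine, then press Enter'
$after  = Get-DetectionSnapshot -FilePath $files -RegistryKey $keys

# Rows that differ between snapshots are candidates for the Scan Information tab.
Compare-Object $before $after -Property Kind, Name, Value, Hash |
    Sort-Object Name, SideIndicator | Format-Table -AutoSize
```

    If the patch requires a restart, save the first snapshot with Export-Clixml and reload it with Import-Clixml after the reboot before comparing.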

     

    Import/Validate your XML

     

    1. Next you will need to validate your XML. There will be more information in the issue column if the validation fails.

    Validate.PNG

     

    2. Save your custom XML, and then click the X to close the dialog box. This will prompt you to import the custom patch.

     

    3. Click import now.

    Import now.PNG

     

    4. When the dialog box below appears, select your custom XML file and click OK. The file goes through a second validation.

    Validate xml.PNG

     

    5. After validation the Import Patch Definitions process automatically updates the database with the latest definitions, including the newly created custom XML. If you created a custom product you should see it added as well.

    Import definitions.PNG

     

    Scan and deploy to your machines.

     

    1. Once the definitions are updated, proceed to scanning your machines.

    • Be sure to copy the patch to the patch repository on the console so it is available for deployment. You can locate your patch repository by going to Tools > Operations, under Patch download directory.
    • Make sure that the scan template you're using includes the patch filter type that applies to your custom patch when scanning (e.g. Security Patch, Non-Security, Security Tool, etc.).
    • We recommend testing with one machine that needs the patch to verify everything is working properly.

    Scan Complete.PNG

     

    2. Deploy the patch and verify it installs properly. You should now also be able to look up and view your custom patch using View > Patches in Protect.

     

    Additional Information

    Additional information about custom patch creation and use can be found in the Shavlik Help - Overview of the Custom Patch XML Process.

    If the patch detects as missing correctly, but the .bat file never runs on the target system, see our knowledge base related to custom patch .bat file never completing:

    Custom Patch Deployment .bat File Never Completes.

    You can also find helpful training on this topic here: Patch for Windows.

     

    Affected Product(s)

     

    Ivanti Patch for Windows Servers

    Shavlik Protect 9.x