The purpose of this document is to outline the process for creating a custom patch, and to provide an example of how to create a custom patch using Shavlik Protect.
If you have any questions about whether a product or patch is supported in Ivanti Patch for Windows Servers, please contact support before creating a custom patch. A misconfigured custom patch could cause your console to work incorrectly so it is important that you follow these instructions precisely.
- Open the custom patch editor. Tools > Custom patch editor
- Next, click on Create a new custom XML file.
- You can add a Custom Product if this patch relates to a specific product. Although this step is not necessary it will add detection for the product itself. In this case it is not needed as the product is the operating system. Adding a custom product will allow you to target that application for the patch. If the product is not detected it will not look for the patch.
- I created an example product called X-Zip. You will need to provide a HKEY_LOCAL_MACHINE registry key path for the software as well as the corresponding information.
- Click insert, then Add Bulletin (or right click Custom Bulletins > Add New Bulletin).
- Give the bulletin a name. In this example I used HF01-001 because it is a hotfix.
- Give the bulletin a title, typically this will be a description. In the summary portion provide any important information.
*Note: The only required field is the bulletin name.
- Click on Insert and add a custom patch (or right click Custom Patches > Add New Patch).
- Give your patch a name. In this example I used the KB as the patch name.
- Select the bulletin you created in the above steps.
- Select the type of patch, and the severity.
- From here you will add the detection information in the Scan Information tab.
*Note: This step is very important as it will identify if the system needs this patch or not. If this is a MS patch, their KB on the patch will indicate what files or registry keys are used when detecting if the patch is needed. If this is not a MS patch and you are not sure how to detect it, it is recommended to install the patch on at least one machine to verify what files and/or registry keys are involved. In the example below we are using a file to detect if the patch is missing.
- You can also target a particular application or operation system using the targeting tab. In this case, since this update is only applicable to Windows Server 2008 SP2 and Vista SP2 I selected all corresponding operating systems.
- Targeting is not required, however if not specified the update will be offered for all systems that meet the scanning requirements.
- If you added a custom product it will show under targeting available products. You will first need to save the XML and import the custom XML before your custom product will appear in the list.
- On the deployment tab browse to the location of the patch and select it. Protect will automatically fill in the file size. Select any install switches that are required or desired for the patch deployment. In this case since the file is a .msu we need the /quiet switch.
*Note: Click the link for more information on using .msu files: http://community.shavlik.com/docs/DOC-1902
- Next you will need to validate your XML. There will be more information in the issue column if the validation fails.
- Save your custom XML, and then click the X to close the dialog box. This will prompt for you to import the custom patch.
- Click import now.
- When the below dialog box pops up select your Custom XML file and click OK. It goes through a second validation.
- After validation the Import Patch Definitions process automatically updates the database with the latest definitions, including the newly created custom XML. If you created a custom product you should see it added as well.
- Once the definitions are updated proceed to scanning your machines.
- Be sure to copy the patch to the patch repository on the console so it is available for deployment. You can locate your patch repository by going to Tools > Operations, under Patch download directory.
- Make sure that the scan template you're using includes the patch filter type that applies to your custom patch when scanning (i.e. Security Patch, Non-Security, Security Tool, etc.)
- We recommend testing with one machine that needs the patch to verify everything is working properly.
- Deploy the patch and verify it installs properly.
*Note: You should now also be able to look up and view your custom patch using View > Patches in Protect.
Additional information about custom patch creation and use can be found in the Shavlik Help - Overview of the Custom Patch XML Process.
If the patch detects as missing correctly, but the .bat file never runs on the target system, see our knowledge base related to custom patch .bat file never completing:
Ivanti Patch for Windows Servers
Shavlik Protect 9.X