1 of 1 people found this helpful
There are indeed some patches like the MS12-A06 and MS12-A04 patches that have installers and uninstallers. If you have auto deploy enabled then it will install one patch and then detect that the patch is installed and try to uninstall it next time. We have had issues were clients are trying to keep a low patch count and patches like this keep showing up.
The solution is to create a patch group for patches like this that have the patch you want to exclude, and then in your scan template, skip the patches in that patch group. These are what we call On/Off patches, and require the admin to choose what patch they would like in their environment, and exclude the other in their patch group.
Please let us know if this answers your questions, or if you need additional information on how to create patch groups and exclude them.
OK, that i sright on the money - Thank You!
How do I know which is the uninstaller? Is it flagged differently? I assume I would need to know which is the uninsatllee in order to add it to the patch group.
The patches that have an installer/uninstaller are specifically listed as "Security tools". An example of this would be MS12-A04 it has Q2719615 (the installer) and Q2719615U (the uninstaller), one or the other of these will always show as missing if they are both scanned for. This would happen if you had a template that scanned for security tools without any other filtering.
Neither a WUScan or Security Patch Scan would have this issue.
When they are detected, the patch summary will indciate the functionality of the patch and what the patch will do. I would look at MS12-A04/A06 and see what the patch summary says about them. One of the patches will indciate that it removes the functionality and the other adds it.
It is going to be unqiue to each patch on how the vendor words its functionality.
That is perfect! Thank you again.