1 2 Previous Next 19 Replies Latest reply on Feb 12, 2015 3:11 PM by Bill Robinson

    Windows Patching - Irrelevant Patches

    Rob Slattery

      Why can't I create a Windows Paj, that points to a catalog's smartgroup, and one of the patches within that smartgroup also resides within the irrelevant patches smartgroup?


      Also, I already have a Windows Paj that we use and run against the same Windows Catalog I'm trying to create a new Paj.


      Is there a rule of thumb for removing or emptying out the irrelevant patchs smartgroup and if it is cleaned out, is there any negative consequences for doing so?




        • 1. Re: Windows Patching - Irrelevant Patches

          Seems you are now with BSA 8.5 or above.


          Yes, Indeed with irrelevant patches you will not be able to construct the PAJ or Run it.


          Had a  healthy discussion with BMC on it and there seems to be no workaround as of now.

          As per BMC / Shavlik the patches which are marked as irrelevant are those which are marked as obsolete by MS.

          1 of 1 people found this helpful
          • 2. Re: Re: Windows Patching - Irrelevant Patches
            Rob Slattery

            Thanks for the reply, Pravin.  We're close to 8.5 but not quite.  We're currently at  Did BMC provide a suggestion on what to do with the irrelevant patches?  Are we supposed to delete them?

            • 3. Re: Re: Windows Patching - Irrelevant Patches
              Bill Robinson

              why do you want to patch w/ irrelevant patches?  you can exclude them from your smart group in the conditions...

              • 4. Re: Windows Patching - Irrelevant Patches
                Rob Slattery

                I don't necessarily want to patch irrelevant patches, how would you actually exclude them?  Software_patch_status_flags* is the only property I can see that deals with irrelevant patches.  I don't think I'd want to get into excluding by patch numbers/qnumbers/etc.

                • 5. Re: Windows Patching - Irrelevant Patches
                  Bill Robinson

                  Yep – SOFTWARE_PATCH_FLAGS* not equal 1 i think (the opposite of the irrelevant patches setting)

                  1 of 1 people found this helpful
                  • 6. Re: Windows Patching - Irrelevant Patches
                    Rob Slattery

                    The way our environment is setup, is we have a catalog and a job associated with the catalog and the catalog smartgroup.  We have the operations team copy/paste the job into their own folder structure.  Will their jobs fail because we currently don't have irrelevant smartgroup excluded?


                    When was this intruduced?  We're currently at


                    What would happen if we deleted everything in the irrelevant patches smart group, would the patches eventually just reappear?

                    • 7. Re: Windows Patching - Irrelevant Patches
                      Bill Robinson

                      1 – i’m assuming yes since all the jobs are referencing the same smart group

                      2 – it’s always been like that since we had catalogs (8.0).  when the CUJ runs, it tags patches as irrelevant based on what it gets from the vendor.

                      • 8. Re: Windows Patching - Irrelevant Patches
                        Rob Slattery

                        Correct for your second bullet but what I'm asking is, why can't we create a CUJ that has irrelevant patches and when was this introduced?  I have been creating a smartgroup for the past two weeks that had MS14-066, MS14-068, and MS14-053 just for comparing results with that of MSPatch tool.  Yesterday, I went to create the same CUJ for someone in Operations and tried to include this smartgroup and I received the above error.  I have never received that before.  I have never received that error ever, and we have had irrelevant patches listed for months.


                        Because of the error, I now have my curiosity buzzing around.  Was it due to the new .170 we installed, possibly the .jar we introduced to fix a bug that would not allow for patches to download?

                        • 9. Re: Windows Patching - Irrelevant Patches
                          Bill Robinson

                          Irrelevant patches are replaced by new ones… if you want to scan for old patches, then don’t run the CUJ.  did you have irrelevant patches in the smart group you were using in the filter of your jobs ?

                          • 10. Re: Windows Patching - Irrelevant Patches
                            Rob Slattery

                            Yes, I did.  From what I can remember, we've always had irrelevant patches smartgroup populated with patches.


                            MS14-066 is kind of a strange bird.  It is replaced by itself (see pic).  And, I'm thinking this is the reason why I'm receiving the above error in the first place.



                            • 11. Re: Windows Patching - Irrelevant Patches
                              Bill Robinson

                              Right, but did the smart groups that you used as a filter in your patching job include irrelevant patches ?

                              • 12. Re: Windows Patching - Irrelevant Patches
                                Yanick Girouard

                                You do not need to exclude irrelevant patches as they are already excluded by default by the Shavlik analyzer which is the engine used by BSA to do patch analysis on Windows. The Shavlik metadata already contains information about which patch is irrelevant (obsolete) and which one should be applied. Unless you specifically want to exclude a KB that is not superseeded by another for a specific reason (i.e. the patch is known to interfere with your application or causes problems), then you shouldn't have to exclude anything else.


                                If however, a patch that SHOULD be superseeded is still showing in your patch analysis results, then it could be that either your patch catalog is not up to date, that Shavlik hasn't yet released an updated metadata file (hf7b.xml) or that there is a bug/incorrect data in its metadata (which happened before), in which case a ticket should be opened with BMC so they can advise and follow-up with Shavlik. It is not however, a bug with BSA that should be worked around using an exclude list of obsolete patches.


                                You should also be running the Remove Irrelevant Patches action on the context-menu of the Patch Catalog after every update, precisely to remove obsolete patches from valid smartgroups you would like to use as part of an include list. If you just updated your catalog and haven't done so, you most likely have irrelevant patches left in valid smartgroups because you haven't used the SOFTWARE_PATCH_STATUS_FLAGS* property to filter them out.


                                01-29-15 8-35-54 AM.png

                                • 14. Re: Re: Windows Patching - Irrelevant Patches
                                  Yanick Girouard

                                  Something is weird indeed, but I don't have this issue on my end because I always run Remove Irrelevant Patches after every catalog update. That said, I checked in my database, and the current MS14-066 bulletin I have may show something in the superceded_by field, but the is_obsolete field is set to 0, meaning it's not marked as obsolete. I would be curious that you check yours to see what it returns for this query (I'm using sqlserver, so if you're on Oracle this won't work...)


                                  select d.name,b.date_posted, b.is_obsolete_bulletin, b.superceded_by from dbo.depot_software_win_bulletin b
                                  inner join depot_object d on d.depot_object_id = b.depot_object_id and d.depot_object_version_id = b.depot_object_version_id
                                  where d.name = 'MS14-066'
                                  1 2 Previous Next