6 Replies Latest reply on Jan 27, 2020 2:20 AM by Ted Namias

    OpRule step zu erase old patches on clients

    Philipp Ernicke
      Share This:

      Hi Guys,

      Maybe I have something for you.
      Unfortunately the PatchManagement does not delete any setups, as long as the program is assigned to any PatchJob. So I thought to myself, I'll take that into my own hands with an operating rule step.

      It has cost me the whole day but now it finally works.

      My custom step deletes all files older than 2 months from ..\data\PatchManagementPremium\Patches\Jobs.
      The step detects and deletes EXE, MSI, MSU and MSP files in all subfolders of the Jobs folder, even if there are more than one.

      The above path is set as default and should work even if BCM is not installed on C:\  (I could not test it).

      I have chosen 2 months because every PatchJob had at least 2 times the chance to install the product before the setup is deleted.

      Since you can not freely assign the parameter name (which is in front of the input field), I have currently refrained from making the number of days adjustable. It would work, but before the input field would stand some nonsense. I can not change the text on the mouse-over either. Unfortunately, I can only rely on existing texts. That's why I let it be (for now).



      To make it run, you have to copy both attached files to ..\Master\data\Vision64Database\opsteps and run

      You will find the new step at:

      Anyone who has licensed PatchMgmt may use this step, even if SoftwareDeployment has not been licensed.



      Please tell me what you think about it. If you like it and/or use it, I would of course be happy about a Like



      I have tested the rule on two system dozens of times, however, I accept no liability for any damage resulting from improper use of the rule.



      Have a nice weekend,



        • 2. Re: OpRule step zu erase old patches on clients
          Ted Namias

          Hi Philipp,

          Client management is managing the deletion of patches by itself. It will depend on the number of reboots occurring after the patch installations.

          It is not a good way to remove patches because they can be used by Shavlik after reboot to finalize the installation.

          The policy of patch deletion is complex as we have to wait 3 reboots after a patch installation to be sure it cannot be needed by Shavlik for post-installation operations.


          Nevertheless, we have identified some cases when patches are not deleted whereas they should be. A fix has been done in order to delete patches as soon as it is possible. It is available in versions:,,


          Can you tell me if you are using one of these versions? If no, an upgrade should improve the situation. If yes, a look into your client sqlite is needed to understand why patches are still present.

          • 3. Re: OpRule step zu erase old patches on clients
            Steve Gibbs

            Great answer Ted! I REALLY appreciate the "detailed" responses that you provide. There are times where a device may be removed from a Patch Job/Deployment and it has appeared that some folders with LOTS of patches are "just taking up space".


            Can you provide any guidance as to when it is safe to delete any of these folders? After 6 months? If no longer a member of a specific job or deployment?  Some customers need to free up space on end points and sometimes resort to deleting some of these folders.


            Thanks again for providing your level of knowledge with the group!


            Maybe we should have quarterly Webinars called "Ask the Experts" and we can all benefit and use BCM more effectively!

            • 4. Re: OpRule step zu erase old patches on clients
              Ted Namias

              Hi Steve Gibbs

              It is not a matter of times but of reboots. After 3 reboots a patch is considered as not needed anymore on the drive and can be deleted. We have a counter in the sqlite for each patch to evaluate that.

              If you use or upgrade to one of the following versions,,, after the first reboot following a patch installation, a cleanup  should delete the patches that are not required anymore by Client Management. You will find this log message and the detail of what is done.

              Log: Clean up for patch groups folders

              For each patch group folder on the drive

              - Log: Removed folder xxx as it is not referenced in sqlite. OR

              - Log: Folder is kept as Patch group xxx is still referenced in sqlite.

              If folder is still present after that check, each patch in the folder is verified.

              - Log: Removed file (zzz) as it is not referenced in Patch group xxx. OR

              - Log: File (zzz) is kept on hard drive as it is referenced in Patch group xxx.

              Same steps for patch jobs...

              If you are in a Client Management version that includes the fix and still have not needed patches in your folders after the process described above, an analyze of the sqlite will be required to understand why they are not removed.

              • 5. Re: OpRule step zu erase old patches on clients
                Philipp Ernicke

                Hi Ted,


                I can now confirm that there were patches deleted in:



                C:\Program Files\BMC Software\Client Management\Client\data\PatchManagementPremium\Patches\Jobs\1013\

                C:\Program Files\BMC Software\Client Management\Client\data\PatchManagementPremium\Patches\Jobs\1013\Base\Patches


                but there are still a lot of old patches in:


                C:\Program Files\BMC Software\Client Management\Client\data\PatchManagementPremium\Patches\Download\English

                C:\Program Files\BMC Software\Client Management\Client\data\PatchManagementPremium\Patches\Download\German



                Kind Regards,

                • 6. Re: OpRule step zu erase old patches on clients
                  Ted Namias

                  Hi Philipp Ernicke


                  Your confirmation means patches are correctly removed on client side.


                  data\PatchManagementPremium\Patches\Download... is the place where patch manager is downloading patches not client.


                  To make them deleted, a parameter exists: StoragePatchOption in PatchManagementPremium.ini PatchDownload section.

                  Value can be:

                  - 0: Default value. Delete downloaded patches once packages are published

                  - 1: Always keep downloaded patches in their download path

                  - 2: Move downloaded patches to local patch repository once packages are published.


                  Can you check the value of this parameter is 0. If not, change it to 0 and next downloaded patches will be removed once published on the master. This behavior is the same if patch manager is the master.