Kaseya Community

deny a patch that was already approved

This question has suggested answer(s)

we had SQL SP4 accidentally get approved. luckily (i think) it tried to install twice but failed. now that its failed, i want to revoke or deny this patch so it doesnt try to install it again next week. is there a way to do this in the GUI? i can't seem to find anything.

All Replies
  • I am having the same issue..  I am also looking for a way to bring a rejected patch into a review state.  

  • This has been a problem since the onset of Software Management module it seems.  I have had tickets in since November I believe.  The latest ticket is well over 2 months old and get the run around from support.  I had hoped it would be fixed in 9.5 but no.   Even if you put this KB4057114 in the override section, it still continually tries and fails.  

    I like you wish Reject patch would work, and put it in a hidden state (where later you could unhide it) but would cease trying to install, and would remove from the vulnerability count.

    The problem is not only this patch, but several others that have been recalled by Microsoft, or superceded by later rollups, etc.

    Just some of the problem KB's that won't install and drive me nuts are:  KB4093113 (superceded by KB4093118, 13 is known to break 18), KB976002, KB2529073, KB2775511, KB2732673, KB2905454, KB2520155, & KB3125574.

    Most likely this reply will be deleted, as "they" seem to have deleted my posts anytime I bring this up.  Frustrated this is being ignored by support.

  • so what you are saying is there is this patch will continually try to install itself?

  • This was added in Within the Software Management module on the Machines page, if you have a machine selected, you can see all of the missing patches in the bottom window. Select an approved patch, and you can use the 'Reject Patch' button to deny the patch.

  • With all due respect, it doesn't work.  They still stay in the list and still repeatedly keep trying and failing.

    Also, under Override, if the KB is listed, it still repeatedly keeps trying and failing.

    I've made Kaseya aware of this multiple times, demonstrated in multiple remote connect sessions, and keep getting the run around and them stalling.  

  • https://imgur.com/a/XDzsNOD   Here's a screenshot.  Shows "reject patch" is grayed out, override is setup and additional attempts to resolve

  • The issue that we have run into is that a patch gets approved we then want to change it to deny but no easy way to do so. Right now you have to do it on a per machine basis to change the approval. hard to do if you dont know all the machines that got it approved. have a feature request in to be able to change the patch approval  after the fact at a profile level.

  • Hey Guys,

    This is correct.  This is currently a feature request at the time being.

  • How is that a feature request?  Does this not seem like something that would be an absolute requirement?  We need to be able to remove old patches from the list at a profile level, just like PM.  I don't feel like clicking every machine and rejecting..  Right now I have January Monthly Rollup approved..  Id like to reject this and approve April's..  

    Maybe im wrong, and my methods are wrong and I should leave old rollups as approved..  What happens to a newly provisioned workstation?  Will it install jan, then feb, then march in the proper order including all the bugs that came with them..  

  • That is correct, this can't be a "feature request" as too many times recently Microsoft has released a monthly security rollup, only to have a monthly service update 2 months later that will not install or break if a previous rollup is installed.   Good instance of this is the April 2018 Monthly Security Rollup for .NET Framework will fail if the January 2018 Monthly Security Rollup for .NET Framework is installed.

    Not only that, Kaseya attempts to install some obsolete patches (that have been superseded by newer patches), and patches that they have recalled by Microsoft that will continually fail, and ones they were approved there is no way to stop this and it's a constant headache.

    There are major issues with how these patch failures are handled that are systemic to the product, not a missing feature.

  • same sentiment here, if you are going to introduce a module that is supposed to replace the patch management one, if you cant parity the features on the existing one, whats the point?

    with that being said, whether its a bug, feature request, etc. what i want to know is, what is the work around? from my POV the only thing i can think of is to create an identical policy, get the approval/rejection correct then remove and add the new one.

  • Still waiting for a fix on this one. I can 'reject patch' and refresh, but nothing changes. Also, rejecting a patch on a machine by machine basis is a nightmare.

  • Has this been addressed yet?

  • Same issue here. I want to know that a patch is denied and not have to deny it on a machine-by-machine basis. I my case, I have a custoomer who absolutely does not want the Citrix client software updated on PCs due to past problems. However, there is no way to feel confident that the patch has been denied as there is no visible "Status" field shown on screen.

    Bizarrely, if you run a report in Info Centre and include the "Approval Status" field, it does show the patches as rejected.

    Can we please, please, please have the "Approval Status" included on the Vulnerabilities tab? The "Status" column seems to show pending patches but not whether it's approved or denied.

    typos corrected
    [edited by: Mark_N at 11:55 AM (GMT -8) on Jan 3, 2019]
  • Kaseya - Oscar maybe...

    How about this 'feature request' then? Does the .17 patch 'merge policies feature' mean a Deny does work and maybe is even visible, testable, usable and workable (to name but a few lovable wishes and features)....?