Channel: Symantec Connect - Endpoint Management - Discussions

Can you blacklist a patch in PM?

I need a solution

I've been looking and haven't seemed to find a way to blacklist an update so it never gets installed... Is there a built-in way or has anyone done anything like this?

Our company's custom application has specific .Net requirements and usually takes a month or so for Development and A&T to fully test any and all .Net updates. A SysAdmin accidentally included a .Net update in a policy and patched prod this past weekend, which caused tons of issues and loss of revenue.

Questions:
1. Is there a way to "blacklist" an update in PM to ensure it never gets included in a policy? Then whitelist the patch once fully tested...
2. Once a PMImport is done, is there a way to delete an update and the update metadata so it doesn't even show up as available for download, distribution, or compliant/not compliant? Then re-run the PMImport once the update is fully tested... This could be set up as a SQL script to run once a month after the scheduled PMImport is done, or weekly to remove the update.
3. Is there a way to modify the detection rule of an update so it shows "not applicable" when creating policies? Then could be put back once the update has been tested and approved to show as applicable and "not compliant"...

Seems that once a patch is downloaded you can "disable" the patch then purge to delete it, but it still shows up in the PM compliance reports and can easily / accidentally be downloaded and distributed in a policy again.

I know you can blacklist software, would like to see the same feature for Patch Management. I have been tasked by management to remove the 'human error' factor when creating patch policies. That's almost impossible, but I'm just looking to mitigate it at least.

I understand all these scenarios I mentioned would skew the overall Altiris PM compliance reports, but we have our own compliance, risk assessment and acceptance of risk to never install certain updates. The built-in compliance reports are pretty useless to us anyway since, to us, a server can be fully patched 100% with all "approved" updates, yet they all show 96% compliant in Altiris because there will always be those 6 updates that we can NEVER install...

Thanks in advance,
