An incorrect patch subscription configuration (patch packages - downloaded) can lead to overuse of disk space or consume KACE SMA disk space resources, resulting on performance problems or make the appliance (WebUI) inaccessible.
Additionally, an incorrect configuration of patch subscriptions can result on missing patches.
For more information on this topic, please see the KACE-SMA Course 4 Agent Managed Device Security-Web-based Training.
Patch subscription is the process of selecting the operating systems and applications for which you want to receive patches. List below provides an overview of each patch subscription configuration component and its use:
Note: If the Organization component is enabled on your appliance, select subscription settings for each organization separately.
a) Activate New Patches: Mark new patches as Active. This setting enables patches that match your subscription settings after every download. If this option is not selected, new patches are marked as Inactive.
b) Operating system subscription: Download patches for the selected Windows/MAC operating systems. Locales - Download patches for the selected languages (allows multiple selection).
Note: Patch Management is not available for Linux devices
c) Specify the Operating System Patches
d) Select application patches that better match patching needs or applications installed in the clients (computers).
Note: Types include “Software Installer”, enabling this option can cause a lot of download activity (also consume disk space) and the installation of many software items that are unintended unless your Patch Labels are VERY specific. Take caution when using this option and test it prior performing massive deployments.
e) Managed associated labels
Download only those patches that match the selected labels (Patch Smart Labels).
Note: Prior configuration of patch subscription settings is a requirement prior using Patch Smart Labels to download specific patches. This is an advanced option, if you are new to KACE patching, is easier to have no labels here and use only the filters described above to control what is going to be downloaded and patched.
f) Disable Windows Embedded Patches: Identify Windows Embedded/WEPOS patches and disable them.
Note: "Disable Windows Embedded Patches" is a feature not available KACE versions 6.4.120822 and below.
g) Inactivate Superseded Patches: Mark patches that have been superseded to the Inactive state after every download.
h) Detect Disabled Patches: Identify disabled patches when a Detect job is run.
Important Note: Inactive and disabled patches are skipped during detect and deploy task. Only active patches count for detect and deploy tasks.
'Inactive' and 'Disabled' patches are automatically deleted (patch packages) from the appliance every day during the nightly patch download (also when using patch manual download - Security > Patch Management > Patch Download Settings > Run Now) – These patch packages are deleted only if “Delete unused files after” is enabled (Patch Management > Patch Download Settings).