Channel: Ivanti User Community : All Content - Endpoint Manager and Endpoint Security (EPM) (Powered by LANDESK)

Important things to know about patches served through LANDesk content


 

Introduction

This article covers various FAQs about patches provided through LANDESK content that have come up over time, both to inform and to demystify what is and what is not actually true.

 

How does LANDESK deliver patches?

LANDESK enables the automatic download of patches that are freely available. Some examples of this would be updates to the following:

  • Updates for Microsoft(*) operating systems and most of their applications.
  • Updates for Adobe(*) Flash(*) player
  • Updates for CentOS(*) operating systems

 

Such freely available patches/updates are not blocked by legal agreement requirements and are generally accessible to users of the relevant product(s).

 

LANDESK will usually link directly to the relevant manufacturers' download locations.

 

In a few instances, LANDESK may host copies of patches on its own servers to provide better connectivity / service to areas of poorer connectivity. In all such cases however, the patches are always the patch-providers' own files that remain completely unaltered.

 

Why certain patches/updates are NOT permitted to be downloaded through the Management Suite is explained separately below.

 

Common questions / situations

Why are some patches not available for download?

This is applicable to patches for either products or entire operating systems to which any of the following applies:

  • A paid-for support agreement is required in order to access the physical patches.
  • Some sort of "legal acceptance" of terms/conditions and/or an actual signature of some sort is required before the relevant patches are downloadable.
  • The patches aren't publicly available (such as Microsoft Hotfixes, which must be requested from Microsoft directly). Often such files "eventually" become public (and when they do, we'll enable them to be downloaded from the relevant public link).

 

In such cases, LANDESK provides patch-content but not the patch-files themselves. If a customer downloads the patches (going through the agreement-process or accepting the relevant terms & conditions), then these patches can be deployed with & remediated through LANDESK Management Suite "as normal".

 

The process to inject such a patch and make LANDESK aware of its existence is essentially as follows:

  1. Download the patch(-es) from the respective 3rd parties - accepting the relevant terms & conditions / arranging for the required support agreement.
  2. Copy the binaries into the "(...)\LDLOGON\PATCH\" directory on the Core server (by default - though the location of the patch share is configurable).
  3. Run the tool to download patch content. One part of this process is checking "what files do I have available to me" and this will then pick up the newly available files (and check against a check-sum to make sure that the files are what we expect them to be).

 

A full article dedicated to the topic of "How to use manually downloaded patches" can be found in community DOC-36094.

 

Examples of products that require such an agreement include, but are not limited to:

 

  • Red Hat(*) (operating systems)
  • Various Oracle(*) products

 

I've found a problem with a patch downloaded with LANDESK - what are my options?

This covers situations such as "I've found malware in a patch-file", "Installing the patch BSOD's my system" and similar problems relating specifically to patch files (essentially - any problem that will arise by installation of the patch without ANY interaction with LANDESK Management Suite).

 

LANDESK categorically does not alter the contents of patches. Any problems with the patches themselves should be reported to the respective software supplier and be handled with them.

 

For cross-over issues where certain problems ONLY seem to occur when both LANDESK elements and 3rd party elements (such as a patch) are involved at the same time, you can either contact whichever party you feel is "more at fault" or even (usually most useful) open support calls with both LANDESK and the supplier of the patch.

 

 

I have problems with patch content itself (definitions) - what are my options?

This covers such situations as false positives, false negatives, and any other form of problem stemming from the content provided by LANDESK around a given patch/vulnerability.

 

The solution here is fairly simple - log a support call with LANDESK technical customer support, providing details around the issue. Usually logs will be required and access to relevant devices for more in-depth tracing/debugging may be required at some point.

 

All this will be dealt with on a "per case" basis - such issues are a normal part of the range of issues dealt with by the regular support channels.

 

 

Less common / miscellaneous questions & situations

 

Does LANDESK change patches?

LANDESK does not change patches from other vendors, as has been explained above.

 

LANDESK will download patches to develop script-content to install them and use the files themselves to calculate hashes (to ensure that files are healthy). But LANDESK does not interfere with patches themselves.

 

Since a name & a hash are checked, you can always manually download the respective content yourself & make LANDESK Management Suite aware of their presence by following the instructions under "Why are some patches not available for download" above.
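The name-and-hash check mentioned here, and in step 3 of the manual-download procedure above, can also be run by the administrator before a manually downloaded file reaches the patch share. The following is an added example, not LANDESK code: the manifest format, the file names and the use of SHA-256 are assumptions, since the article does not name the hash algorithm.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large patch binaries are never held in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_patches(download_dir: Path, patch_share: Path, expected: dict) -> dict:
    """Copy a file into the share only if its name AND hash match `expected`
    (file name -> SHA-256 hex; hypothetical manifest, algorithm assumed)."""
    results = {}
    for name, digest in expected.items():
        source = download_dir / name
        if not source.is_file():
            results[name] = "missing"
        elif sha256_of(source) != digest.lower():
            results[name] = "hash mismatch"  # truncated or altered download
        else:
            shutil.copy2(source, patch_share / name)
            results[name] = "staged"
    # Files that are not in the manifest are reported and never copied.
    for extra in download_dir.iterdir():
        if extra.is_file() and extra.name not in expected:
            results[extra.name] = "unexpected file"
    return results


def demo() -> tuple:
    """Constructed sample data: one good file, one truncated, one stray."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads, share = Path(tmp, "downloads"), Path(tmp, "PATCH")
        downloads.mkdir()
        share.mkdir()
        good = b"constructed patch payload"
        (downloads / "vendor-fix-1.msi").write_bytes(good)
        (downloads / "vendor-fix-2.msi").write_bytes(b"truncated")
        (downloads / "readme.exe").write_bytes(b"not in manifest")
        expected = {"vendor-fix-1.msi": hashlib.sha256(good).hexdigest(),
                    "vendor-fix-2.msi": hashlib.sha256(b"full payload").hexdigest(),
                    "vendor-fix-3.msi": "0" * 64}
        return stage_patches(downloads, share, expected), sorted(p.name for p in share.iterdir())
```

Only files reported as "staged" end up in the share; a mismatch means the file should be downloaded again from the vendor rather than deployed.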

 

What if Adware / bundled software or similar is found in a patch?

LANDESK will usually try to identify a version of a patch which does not have any of these, as far as possible. LANDESK will not change the contents of a file provided by one of the vendors for whom we provide content in the Patch Manager / Security Suite elements of the Suite.

 

While malware / spyware are clearly malicious in nature, adware (and bundled software) are a much more gray area. These can be included at the relevant software vendors' own discretion in files served as their patch content.

 

Where possible, LANDESK will try to point to updates which do not have any of the above included. But if patch content for a product is exclusively released with some form of adware / software bundle then there is not much that we can do about it.

 

In such situations we would request that you (as the customer) contact the relevant software vendor & request them to release patches / updates without adware / software bundles included.

 

Conclusion

The article should hopefully answer most questions and concerns around how LANDESK treats & provides patches. The article is very much intended as a living document.

 

* Registered trademarks and Names are property of their respective owners.

