Java as a patch on new systems
Hello, we noticed that for some (unknown) time Java has been rolled out as a patch to all our machines.
Kace recognizes that this software is "missing" and installs the Java SDK 11.0, 11.0.1 and 11.0.2 on all our machines. As a test, I rebuilt a VM with Windows Server 2019 and started "detect and patch" there. The Java SDKs were installed there as well.
My expectation is that only software that is also on the system is patched.
Does anyone also have this problem?
Answers (3)
The patch schedule in the picture is defined to detect and deploy all patches. I believe that your subscription setting "Classification" has "Full Software," and the Publisher includes "Oracle Corporation." If so, this is working as designed.
A best practice would be to use labels. For example, you can define a patching Smart Label to target particular types of patches.
Using the Detect and Deploy all patches option is not recommended in a production environment, as there is the possibility of a patch breaking a business mission-critical application. Instead, use labels and first test your patch schedule on one or more test machines. You can change your subscription settings to avoid deploying full software installers.
Yes, the settings are correct. We want to get major and minor updates/patches for each installed software. For software that is not yet on the computer, nothing should be installed. We have had these settings since the beginning of this year. Only in the last two months have we been getting the old Java SDK. According to the theory, we should also get any other software (Adobe, Firefox, etc.). But it is only the old Java SDK 11 (currently I think v16).