Frequently asked questions

Learn the answers to frequently asked questions.

The Manage Download Plug-ins dashboard is not reflecting any data. What do I do?
Here are some steps you can do to troubleshoot the issue:
  • Gather the latest Patching Support site.
  • Activate the Download Plug-in Versions analysis, available from the Patching Support site.
  • Clear the BigFix console cache.
Where are my dashboards located in the BigFix Console?
The updated BigFix Console contains the same content as the previous version, although some content might have moved to a different location.
The following list shows the contents and their locations:
  • The Patches Overview dashboard is in the Patch Management domain, on the upper part of the page.
  • The Patch Overview Dashboard is in under All Patch Management, Alternatively, you can also find the dashboard under the Patch Support site.
  • Some dashboards are located under OS Vendors > Microsoft Windows.
What do I do if a patch fails to install?
If a patch fails to install, there are several things that you can try:
  • Determine if you have applied the patch to the correct computers.
  • Try running the patch manually by downloading it from the Microsoft website.
  • Review Windows updates.
  • Look at the Microsoft Baseline Security Analyzer (MBSA) to see that the tool considers the patch to be applicable.
If the patch still fails to install, contact HCL Software Support.
Why does a patch fail, but complete successfully?
Sometimes under specific circumstances, a patch is successfully applied but the relevance conditions indicate that it is still needed. Check to see if there are any special circumstances associated with the patch, or contact HCL Software Support.
Why is there no default action?
There are various reasons for why there is no default action. Sometimes a Fixlet or a patch might have catastrophic consequences. It is highly suggested that you test the Fixlet on a test bed you apply the Fixlet or patch. There might also be multiple actions with the Fixlet, none of which are clearly suggested over other actions.
Note: It is highly suggested that you read the Description text in the Fixlet before you start the action.
What does "Manual Caching Required" mean?
In some instances, a particular vendor might not be providing a download directly to their link. In this case, click through that vendor's End User License Agreement and manually download it to your BigFix server.
What are Corrupt Patches and how are they used?
Corrupt patches in Windows are when BigFix detects that a patch looks like it began running but did not complete. These patches become relevant to indicate that something is wrong with the security patch. To remediate, take the appropriate action to reapply the patch.
What are superseded patches?
Superseded patches are earlier versions of patches that no longer need to be applied.
How do I deal with missing patches?
BigFix does not provide Fixlets for every patch that Microsoft offers. For more information, see the related FAQ entry on the types of patches that are supported by BigFix. You can also contact HCL Software Support.
What are non-security updates?
Non-security updates are all updates except security updates. Non-security updates include critical updates, service packs, and update rollups. BigFix supports critical updates and service packs. For more information about the types of updates that are supported by BigFix, see the wiki article on Supported OS.
What types of patches are supported by BigFix?
BigFix supports security and non-security updates. Non-security updates include critical updates and service packs. For more information about the types of updates that are supported by BigFix, see the wiki article on Supported OS.
What does 'Known Issue' mean?
A 'Known Issue' is a term that is used by Microsoft in the KB articles. You are advised to refer closely to details of known issues that are indicated in the KB articles.
Are hotfixes supported by BigFix?
Hotfixes are not supported. Customers are advised to contact HCL Software Support for critical hot fix requests. The BigFix Patch team will thoroughly assess each request and provide content on a case by case basis.
What is an audit Fixlet?
An BigFix audit Fixlet is a Fixlet that does not have an action script that is associated with it. An audit Fixlet does not change anything; it just alerts you about an issue. Audit Fixlets do not have action scripts; they require manual intervention. For example, an audit Fixlet might become available regarding a software patch upgrade where you must manually install the patch.
Does Patch Management for Windows still support Microsoft products that reach their end of life?
Microsoft no longer releases updates for Microsoft products that reach their end of life (EOL). Patch Management for Windows also no longer releases new content for Microsoft products that reach their end of life. One example is Microsoft Windows 2000 and all its editions. These editions include Windows 2000 Professional, Windows 2000 Server, Windows Server 2000 Datacenter, and Windows 2000 Advanced Server.
Does Patch Management for Windows support cross-language installation?
Cross-language patch application is currently not supported. For example, a user cannot deploy a Fixlet from the Patches for Windows (English) site to an operating system in a different language. Users can either change the setup or, alternatively, work around the issue by making a custom copy of the Fixlet and removing the relevance checking for OS language. Users are strongly encouraged to perform tests before applying the workaround.
The Custom Repository Setting feature requires adding the custom repository directory in a whitelist. What happens if this is not done?
When the custom repository directory is not added to the whitelist, a download error indicates that the requested URL does not pass the deployment of the download whitelist. The whitelist text is located at <BES Server Install Path>\Mirror Server\Config\DownloadWhitelist.txt.
The modification time got changed in the Fixlet. Why can't I see any difference?
There are a number of reasons why the modification time in a Fixlet might change, such as content modifications, localization changes, and MIME field updates. Localization changes and MIME field updates are usually not visible to users. No action needs to be taken and no patches need to be re-deployed because of these changes.
Why is the Source Release Date after the First Release Date in BigFix?
When a source vendor updates their software. the source release date may be after the first release date. For example, virus update Fixlets may show daily changes to their source release date but show an older BigFix first release date.
How can I make better use of the MIME for product name and component?
See the 'Filtering by product family and added Fixlet MIME fields' wiki here:!/wiki/BigFix%20Wiki/page/Filtering%20by%20product%20family%20and%20added%20Fixlet%20MIME%20fields.
What is the correlation between the Microsoft and BigFix categories?
The article 'Difference in category terms used by Microsoft and BigFix' provides the category terms that Microsoft and BigFix use.!/wiki/BigFix%20Wiki/page/Difference%20in%20category%20terms%20used%20by%20Microsoft%20and%20BigFix.
Where does BigFix base the value of the Source Severity field?
Source Severity is a field that is shared by all Fixlets. BigFix bases the source severity on the Windows and non-Windows vendors. For Microsoft security content, Patch Management for Windows follows the severity rating system of the Microsoft Security Response Center (MSRC).
What is the 'MIME_no-relevance-health-check' Fixlet field used for?
This MIME field is used to skip the Action Size check for content that contains lengthy relevance. This Fixlet field is for internal use only.
Can BigFix break down large cumulative updates?

BigFix cannot break down large cumulative updates by taking note of the difference. By design, Microsoft should already be covering that function. According to Microsoft: “Only the files that are different are copied down to a Download folder on the local computer, and they’re downloaded in a compressed form. This helps reduce the size of the download..“

For more information, see

Which ports does the network share location use when updating Microsoft Click-to-Run products?
The Network Share location uses the following ports for TCP and UDP connections:
  • TCP: 139, 445
  • UDP: 137, 138
For more information, see
What cache and server sizes should I consider when my update source is the client's cache folder?
The direct download method pushes the entire binary through the BigFix architecture. You must consider the download and relay cache sizes.
  • Server: 4GB or more
  • Client: 4GB or more
I'm having trouble uninstalling Java Runtime Environment Fixlets from my deployment. What could be the cause of this issue?

The uninstall issue might be a result of having 32-bit and 64-bit JRE versions on the same machine. BigFix does not support multiple JRE versions in the same machine.

For example, if you have JRE 8u91 32bit, JRE 8u91 64bit, and JRE 8u121 32bit, the uninstall Fixlet would not be able to uninstall 8u91 32bit, because there is a mix of 32-bit and 64-bit JRE versions.

You can refer to for sample Fixlets to uninstall Java. is a community website that has user-generated content.