Home
Patch User Guides
BigFix Patch provides an automated, simplified patching process that is administered from a single console.
Patch for Windows User's Guide
BigFix Patch for Windows™ provides Fixlets for Microsoft™ security and non-security patches. Dashboards, wizards, and reports aid you in managing updates for various endpoint devices.
Patch for Windows
You can manage Fixlets using dashboards, reports, and wizards. You can deploy, fix, and uninstall Fixlets. You can also view the breakdown of Fixlets available or needed in your deployment.
Supersedence

Patch User Guides
BigFix Patch provides an automated, simplified patching process that is administered from a single console.
- Patch for Windows User's Guide
  BigFix Patch for Windows™ provides Fixlets for Microsoft™ security and non-security patches. Dashboards, wizards, and reports aid you in managing updates for various endpoint devices.
  - Overview
    Patch for Windows™ creates Fixlets for the patches that Microsoft™ issues. The BigFix agent checks the registry, systems language, and other factors to determine if the patches are not installed or if an installed patch is corrupt. Notes® placed in the Fixlet® descriptions help Console Operators work around potential issues.
  - Patch for Windows
    You can manage Fixlets using dashboards, reports, and wizards. You can deploy, fix, and uninstall Fixlets. You can also view the breakdown of Fixlets available or needed in your deployment.
    - Patch using Fixlets
      From the console, you can select the action for the appropriate Fixlets that you want to deploy. The action propagates across your deployment. Patches are applied based on the settings that you make in the Fixlet work area and the Take Action dialog.
    - Supersedence
    - Windows Patch Client settings
    - Patches for Windows Overview dashboard
      Use the Patches for Windows Overview Dashboard to view the breakdown of security and non-security patches that are needed in your deployment.
    - Patch Overview dashboard
      View patch site information in your deployment including the most relevant items in deployment and comparisons of critical patches against other patches by site. The dashboard shows all the patches in your deployment, not just those for Windows. Set view options to see the last 10 actions done for every site.
    - Uninstalling patches
      Enter the Microsoft Knowledge Base (KB) number in the Rollback Task Wizard to uninstall patches.
    - Fixing Corrupt Patches
      Use the Corrupt Fixlet Wizard to fix multiple corrupt Fixlets and to create Fixlet copies or baselines without rebooting.
    - Using the Corrupt Patch Deployment wizard
      Use the Corrupt Patch Deployment Wizard to fix corrupt Fixlets by using Fixlet copies or existing baselines.
    - Patch Microsoft Office
      You can deploy Microsoft office updates and patches using Administrative, Network, and Local installation.
  - Installing and updating Click-to-Run products
    Install and update content for Microsoft Click-to-Run products through BigFix Patches for Windows.
  - Navigating Windows Application Update Patches in the BigFix console
    From the console, you can select the Action for the appropriate Fixlets that you want to deploy. The Action propagates across your deployment and applies patches based on the settings that you make in the Fixlet work area and the Take Action dialog.
  - Using the custom repository setting feature
  - Frequently asked questions
    Learn the answers to frequently asked questions.
- Patch for AIX User's Guide
  BigFix® for Patch for AIX® provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all AIX endpoints.
- Patch for Red Hat Enterprise Linux User's Guide
  BigFix Patch for Red Hat Enterprise Linux provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Red Hat Enterprise Linux endpoints.
- Patch for CentOS Linux User's Guide
  BigFix® Patch for CentOS Linux™ provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all CentOs endpoints.
- Patch for SUSE Linux Enterprise User's Guide
  BigFix Patch for SUSE Linux Enterprise provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all SUSE Linux endpoints.
- Patch for Ubuntu User's Guide
  BigFix Patch for Ubuntu provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Ubuntu endpoints.
- Patch for Oracle Linux User's Guide
  BigFix® Patches for Oracle Linux provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Oracle Linux endpoints.
- Patch for Solaris User's Guide
  BigFix Patch for Solaris provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Solaris endpoints.
- Patch for HP-UX User's Guide
  BigFix® for Patch for HP-UX provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all HP-UX endpoints.
- Patch for Mac OS X User's Guide
  BigFix® for Patch for Mac OS X provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Mac OS X endpoints.
- Patch for Debian User's Guide
  BigFix Patch for Debian provides an automated, simplified patching process that is administered from a single console. It gives you unified, near real-time visibility and enforcement to deploy and manage patches to all Debian endpoints.
- Patch for VMware ESXi User's Guide
  BigFix Patch for VMware ESXi provides you unified, near real-time visibility to manage patches to all VMware ESXi endpoints from a single console.
- Patch for Raspbian User's Guide
  BigFix Patch for Raspbian provides Fixlets that you use to manage the latest updates and service packs that Raspberry Pi releases. These Fixlets are available through the Patches for Raspbian sites.
- Virtual Endpoint Manager User's Guide

Supersedence

Supersedence is a property of Fixlets used in BigFix that provides multiple packages.

Superseded Fixlets are Fixlets that contain outdated packages. When a Fixlet is superseded, a newer Fixlet is created to replace it with the newer version of the packages. The description of the Superseded Fixlet contains the new Fixlet ID.

Figure 1. Superseded Fixlets

Understanding how Superscedence works in Patch

Superseded patches with FALSE Statement.
When the Windows application patches are superseded, BigFix does not allow you to install them by adding a relevance statement set to FALSE. These Fixlets will no longer become relevant for endpoints and you can use the latest Fixlet to patch your endpoints.
Superseded Controlled Patches.
In the latest version of BigFix Patch, there is an option to continually evaluate the applicability of the superseded patches.
- Superseded Windows OS patches maintain their current applicability relevance and introduces an option to continue reporting relevant to endpoints that have not yet installed a patch (or a Superseding Patch).
- This change allows you to continue reporting on older OS vulnerabilities because Superseded Patches can continue to report applicability when the vulnerability has not been patched.
To deploy a Superseded Patch on an endpoint, set the client configuration parameter _BESClient_WindowsOS_EnableSupersededEval to 1.
For details on client configuration settings, see BigFix Configuration Settings.

Note: BigFix does not supersede security updates with non-security updates because the security information (CVE-Values) is tied to a specific security update as well as the classification ("security update" vs "update"). Superseding them results in false security report.

For example, if you do not patch the latest updates on endpoints and you supersede the security updates, then you see only the non-security updates relevant, since it is not a security update. The report says that you do not have to do anything because endpoint is secure which is incorrect.

Note: Fixlets that are in a superseded state for more than a year will be removed and moved into an archive site. If any customer wants the masthead for an archived site, they should reach out to their BigFix Point of Contact.