Overview of the Custom Patch XML Process

Overview Information

CAUTION! Creating and using custom patch XML files should only be attempted by experienced administrators. Creating and deploying inaccurate custom patches may have seriously adverse effects on the performance of the programs in use at your organization.

Security Controls provides the ability to scan for and deploy patches not supported in the primary data definition file. It does this by allowing you to create your own custom patch XML files that contain the information about the additional patches and products you want to support. Security Controls will then combine your custom XML files with the primary data file and use that modified file when performing scans and deployments.

Within each custom XML file you can define multiple custom products, bulletins, and patches.

  • Custom product: A product not currently supported by the primary XML patch data file. For example, you might have a product that was developed strictly for use within your organization.
  • Custom bulletin: Used to announce and describe a security update. A custom XML file can contain multiple bulletins, and each bulletin can contain multiple patches. A bulletin typically includes a summary, known issues, a list of all affected software, and a link to the security update (patch) file. Of course, in this case the patch is contained in the same XML file as the bulletin.
  • Custom patch: A software update that is not currently supported by the primary data definition file. A custom patch can be applied to either an existing product or to a custom product. For example, you might receive a special private patch from a vendor, you might create your own patch to a vendor's product, or you might create a patch for your own custom product.

One major difference between a regular patch and a custom patch is that you cannot download a custom patch to the patch download directory in advance of a deployment. Rather, you must make the patch available by manually copying the patch to all expected locations (typically to the console as well as any distribution servers).

If you are using agents to deploy custom patches, be certain to enable the Use Server by IP Range check box on the deployment template used by the agents. Custom patches cannot be downloaded from a vendor, so the agents must be able to download the custom patches from one or more distribution servers. See Deployment Template: Distribution Servers Tab for more information.
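
Because a custom patch is copied by hand to the console and to each distribution server rather than downloaded from a vendor, you can confirm before deployment that every staged copy is byte-identical to the file you vetted. The following PowerShell script is an added example, not part of Security Controls or its documentation. The function name Test-StagedPatchCopy, the folder names and the patch file name are assumptions, and the demo files are constructed.

```powershell
# Added example. Compares each staged copy of a custom patch against the
# vetted reference file by SHA-256 and reports Match, Mismatch or Missing.
function Test-StagedPatchCopy {
    param(
        [Parameter(Mandatory)] [string]   $ReferenceFile,  # vetted original of the custom patch
        [Parameter(Mandatory)] [string[]] $StagingFolder   # console and distribution server folders
    )
    $expected = (Get-FileHash -LiteralPath $ReferenceFile -Algorithm SHA256).Hash
    $name     = Split-Path -Path $ReferenceFile -Leaf
    foreach ($folder in $StagingFolder) {
        $copy   = Join-Path -Path $folder -ChildPath $name
        $actual = $null
        if (-not (Test-Path -LiteralPath $copy -PathType Leaf)) {
            $status = 'Missing'      # patch was never copied to this location
        } else {
            $actual = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
            $status = if ($actual -eq $expected) { 'Match' } else { 'Mismatch' }
        }
        [pscustomobject]@{ Folder = $folder; Status = $status; Sha256 = $actual }
    }
}

# Constructed demo data: three stand-in staging folders under a temp directory.
# In practice these would be the console folder and distribution server shares.
$root    = Join-Path ([IO.Path]::GetTempPath()) "custompatch-demo-$([guid]::NewGuid())"
$folders = 'console', 'dist1', 'dist2' | ForEach-Object {
    (New-Item -ItemType Directory -Path (Join-Path $root $_) -Force).FullName
}
$patchName = 'ExamplePatch-1.0.msp'                       # hypothetical file name
$reference = Join-Path $root $patchName
Set-Content -LiteralPath $reference -Value 'constructed patch payload'

Copy-Item -LiteralPath $reference -Destination $folders[0]                          # good copy
Set-Content -LiteralPath (Join-Path $folders[1] $patchName) -Value 'altered payload' # altered copy
# $folders[2] is intentionally left without a copy

Test-StagedPatchCopy -ReferenceFile $reference -StagingFolder $folders |
    Format-Table -AutoSize

Remove-Item -LiteralPath $root -Recurse -Force            # clean up the demo files
```

Any folder reported as Missing or Mismatch should be restaged from the vetted file before the patch is deployed.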