Jamf Nation Community

mallej · ‎04-16-2018

Hi,

Users with the latest version of Flash Player still receive an update notification from Self Service because the package definition in Patch Management is not up-to-date.
At the moment the latest Version is 29.0.0.140 and Patch Management knows that but i´m late with the package. So the latest Software Title Definition in Patch Management with a Package is one Version behind the latest.
The Problem is now that the users with the latest version are receiving update notifications and when their are doing it via self service nothing is happening for them. For the users the update process seems to not working.
So i´m asking if this is the expected behavior and its my fault that i´m late with package definition or is this a fail in how Patch Management is handling this.
We are on jamf 10.2.0.

brandon_gil · ‎04-16-2018

Hey, @jensm! It sounds like you may have "Allow Downgrade" selected in your Patch Policy.

The "Allow Downgrade" option dictates whether or not computers with a higher Version of a Software Title than defined in the Patch Policy should be Eligible. Eligible means that it could fall into Scope and receive the Version being deployed by the Patch Policy.

When this option is unselected, a computer that reports a higher Version of a Software Title than the active Patch Policy will not be counted as Eligible and thus not fall into Scope. This means that users with the latest version will not receive update notifications in situations where you don't yet have a package for the latest version.

If this checkbox is selected computers that do not match the Version being deployed by the Patch Policy will become Eligible and potentially fall into Scope.

View solution in original post

brandon_gil · ‎04-16-2018

Hey, @jensm! It sounds like you may have "Allow Downgrade" selected in your Patch Policy.

The "Allow Downgrade" option dictates whether or not computers with a higher Version of a Software Title than defined in the Patch Policy should be Eligible. Eligible means that it could fall into Scope and receive the Version being deployed by the Patch Policy.

When this option is unselected, a computer that reports a higher Version of a Software Title than the active Patch Policy will not be counted as Eligible and thus not fall into Scope. This means that users with the latest version will not receive update notifications in situations where you don't yet have a package for the latest version.

If this checkbox is selected computers that do not match the Version being deployed by the Patch Policy will become Eligible and potentially fall into Scope.

mallej · ‎04-17-2018

Hi @brandon.gil ,

indeed, Allow Downgrade was selected. That's the cause.
Thanks for that advise.
I would not have expected this behavior and i think it´s wrong. At least it is confusing.
But I think we do not need the Allow Downgrade function anyway.

brandon_gil · ‎04-17-2018

Thanks for the feedback, @jensm. I can pass this along to our User Experience and Technical Communications groups.

dpodgors · ‎02-04-2019

Sorry to highjack this thread but. We are seeing this with chrome. From one of our users:
Self Service is forcing an "update" of Chrome on my Mac to an older version every day or two. After Self Service reinstalls Chrome at an older version, Chrome auto-updates to the latest version. Then the cycle starts over again with Self Service thinking that Chrome needs an update.

Note: I've updated the version to stop the bleeding.

Jamf Nation Community

Patch Management - Users with the latest version still receive an update notification in Self Service