Patch Management - Users with the latest version still receive an update notification in Self Service

mallej
New Contributor III

Hi,

Users with the latest version of Flash Player still receive an update notification from Self Service because the package definition in Patch Management is not up to date.
At the moment the latest version is 29.0.0.140 and Patch Management knows that, but I'm late with the package. So the latest Software Title Definition in Patch Management with a package is one version behind the latest.
The problem now is that the users with the latest version are receiving update notifications, and when they run the update via Self Service nothing happens for them. To the users, the update process seems not to be working.
So I'm asking whether this is the expected behavior and it's my fault that I'm late with the package definition, or whether this is a failure in how Patch Management is handling this.
We are on Jamf 10.2.0.

1 ACCEPTED SOLUTION

brandon_gil
New Contributor II

Hey, @jensm! It sounds like you may have "Allow Downgrade" selected in your Patch Policy.

The "Allow Downgrade" option dictates whether or not computers with a higher Version of a Software Title than defined in the Patch Policy should be Eligible. Eligible means that it could fall into Scope and receive the Version being deployed by the Patch Policy.

When this option is unselected, a computer that reports a higher Version of a Software Title than the active Patch Policy will not be counted as Eligible and thus not fall into Scope. This means that users with the latest version will not receive update notifications in situations where you don't yet have a package for the latest version.

If this checkbox is selected, computers that do not match the Version being deployed by the Patch Policy will become Eligible and potentially fall into Scope.


4 REPLIES

mallej
New Contributor III

Hi @brandon.gil ,

Indeed, Allow Downgrade was selected. That's the cause.
Thanks for that advice.
I would not have expected this behavior and I think it's wrong. At least it is confusing.
But I think we do not need the Allow Downgrade function anyway.

brandon_gil
New Contributor II

Thanks for the feedback, @jensm. I can pass this along to our User Experience and Technical Communications groups.

dpodgors
Contributor

Sorry to hijack this thread, but we are seeing this with Chrome. From one of our users:
Self Service is forcing an "update" of Chrome on my Mac to an older version every day or two. After Self Service reinstalls Chrome at an older version, Chrome auto-updates to the latest version. Then the cycle starts over again with Self Service thinking that Chrome needs an update.

Note: I've updated the version to stop the bleeding.
