Block Driver updates in new Windows Patch Management

How does one block/ignore “some” Windows driver and the like updates that have no KB attached to them?

You can’t block “some” drivers. Drivers are their own category, so you either block them or you don’t.

You can then go to the asset to see any that were rejected, and choose to override and install if need be.

Thanks…I guess that is okay…

Is there a report one can run to show all assets that have failed/rejected updates rather than having to go in one by one to each asset?

There is a Missing Patches by KB report, but I think that only lists ones that have a KB on them, and I’m not sure if it lists rejected ones.

Maybe @Andy can clarify if there is a better way.

I have to say I was hoping this would allow us to block specific driver updates by name.
Looks like driver updates are going to stay disabled instead.

You can report on missing patches by KB, but not rejected/excluded patches. Just curious what the use case is for rejecting an entire category on a policy and then needing to report on it?

First issue:
More a case of being able to selectively ignore some driver updates would be good…if we have a rogue driver update (think generic text printer updates) that refuses to install then we have a choice of reject all driver updates on all endpoints or continually see a few drivers as outstanding to be installed on some endpoints to which they refuse to install.

Second issue:
I cannot work out where there is a report I can run that will show me all failed updates for endpoints…I don’t want to have to go in to each endpoint one by one to see what has failed…I don’t mean driver updates per se, I mean any update that may have failed to install (but not KB updates…so all updates that have failed that are not KB updates)

Lastly:
Even if we have rejected on drivers, be able to run a report to find all the endpoints with rejected drivers so we can decide which drivers we should install manually and which will continue to reject would be good…rather than going in to each endpoint one by one.

I could be wrong and all of the above is possible, sorry I am new to Syncro and still learning the ropes so I am happy to be put straight and shown how to do what I have suggested above.


Go to Reports Section - RMM - Missing Patches by KB


Thanks @mgiordano - how about failed updates that don’t have a KB? Like drivers, other etc.?

I think you’re out of luck there. But I could be wrong. I haven’t found one.

Vulnerable Systems Report

Any good for you?

So it is NOT possible to ignore the “Microsoft driver update for Generic / Text Only” update that has no KB and is showing in all my Vulnerable Systems Reports then? That’s… awesome.
