Messages

Hi muja1913,

You can see the list of apps in our catalogue here: https://patchmypc.com/supported-products

You can see this FAQ item about submitting requests here: https://patchmypc.com/frequently-asked-questions#new-product-request

I hope this helps.

Hello,

We use PMPC and Advanced Insights for reporting purposes, currently our workloads are set to Configuration Manager, and our plan is to standardize on a single endpoint management tool, Intune, hence the CoMgmtSettings slider has to be moved to Intune.

Obviously, there is a lot that we need to migrate before we can do that, and I know AI support for Intune is on the roadmap (not sure of the ETA, but I did read that PMPC will share more by EOY), but in the interim, if we move all workload to Intune, keep MECM/CCM Agent for inventory/reporting purposes only, how effective will the reporting in AI be?

As an example, if we are not pushing patches via MECM, would that break the software updates reporting capabilities in AI?

Hey c3rberus,

Sorry for our delayed reply.

Once you move the workload for Windows Update Policies to Intune, clients will not submit their compliance data to WSUS/ConfigMgr for Windows updates - however they will still for third-party updates.

This is true for as long as you keep the Software Updates policy enabled in the Client Settings for ConfigMgr and the option "Enable third-party software updates" set as "Yes". Once you turn the software updates component entirely off, however, then all software update reporting (inc. third-party updates) will not be visible in Advanced Insights.

However, the device will still submit hardware inventory to ConfigMgr, so for everything else, excluding software updates reporting, Advanced Insights will still be capable in that regard.

I hope this helps. Let me know if you have more questions.

Since the last update of our SCCM application, Oracle Java 8 (x86) fails to install with error 32768.
Application version: 8.0.4310.10.
Created by Patch My PC Version 2.1.28.0

Hey Wideco,

Sadly, there isn't enough information for me to understand root cause. Perhaps some logs might help me understand what's going on? Kindly share the relevant logs: https://patchmypc.com/logs

You're welcome to .zip them up and share them here, email [email protected], or upload them to https://patchmypc.com/share.

Hey Rob, we will get this out today!

Thanks Frank

I'm personally not familiar with our Home Updater - you originally posted your question in our Enterprise section (which is for different software we offer businesses.)

I've moved your question into the Home Updater area of our forum where the appropriate team can better help answer your question!

Hey Frank, is this for the Patch My PC Home Updater?

Hey laszloberger,

I can reproduce the issue.

I recommend you configure the following feature to prevent the update from installing while the software is running: https://patchmypc.com/manage-conflicting-processes-when-updating-third-party-applications

I will update our catalogue in the coming todays to ensure this is applied by default and set to "Skip".

Hey Burdarper

What you're observing is a bug (or "bad" design) in Intune, and how it handles the "ASAP" assignment option.

We have an article which discusses this here: https://patchmypc.com/intune-asap-assignments-bug

The solution is thankfully fairly straight forward with Patch My PC; for your Ring0 and Ring1 groups in the Patch My PC Publisher, you would change the availability/deadline to be +0 days @ 00:00 rather than leaving them at the default "ASAP". Kindly see attached screenshot which illustrates this.

Hey altu,

What you've observed is expected behaviour; we do not have have anything in the Publisher to manage deployments for ConfigMgr Apps like we do for Intune.

Like you've alluded to, SCCM has built-in capabilities to automate the deployment of software updates via ADRs. Software updates are also the best way to do patching with SCCM, instead of Applications.

Software updates have built-in logic to only apply the update to devices which need it; this enables you to deploy any third-party software update in SCCM to all devices, and the patches will only install on devices requiring the update. For example, if you deployed a Google Chrome x64 third-party software update from SCCM to a device which does not have  Google Chrome x64 installed, the update will do nothing have return "not required" / "not applicable".

You also don't have to use ADRs to deploy software updates with SCCM, you can deploy software updates just like you do any other Microsoft updates in SCCM; you could manually create the SUG, add updates to it, deploy it to a collection, download updates into a Deployment Package and distribute it to your DPs. However, ADRs do automate all of this effort.

You can even automate waved / ringed / phased deployments with software updates in SCCM, and especially so using ADRs, which you cannot with Applications - this is (IMO) an industry-wide best practice for patching; to deploy updates to test devices or power users first, before deploying them to everyone else.

The functionality to preconfigure the assignments for Intune exists in our product because Intune has no concept for automatic assignments, like SCCM does with ADRs.

If your SCCM devices are co-managed and the Client Apps workload is moved to Intune, you can absolutely start leveraging our Intune integration. If you prefer to keep things with SCCM for now, then of course it's possible.

We have an article here which discusses configuring an ADRs in SCCM, specifically for third-party updates:

• https://patchmypc.com/how-to-use-automatic-deployment-rules-adrs-with-patch-my-pc

I hope this helps.

Hello,
I'm using PatchMyPC with WSUS to deploy third-party updates to our servers. However, I have an issue where updates for applications like 7zip are bundled together with KB/security updates. This means that I have to install all updates rather than just the specific third-party update.
How to install only the third-party updates outside the maintenance window?
Thanks in advance

Hi louisegull,

I'm struggling a little to understand what you're asking.

Would it be possible to schedule a call so you can show me in a screenshare?

When this happens again is there a way to pull the update down without you having to post a direct download link?

Thanks

It's unfortunate that Adobe persistently have CDN issues and it's tricky for us because then that creates bad experiences like this for our customers.

A way for us to efficiently solve this problem when vendors experience CDN issues is for us to re-host the binary on our web servers but this has legal and perhaps security implications, too.

I appreciate it is frustrating. We will continue to apply pressure on Adobe via their support channels each time this occurs. Hopefully someone from Adobe will soon realise a pattern and address these problems.

Hi L.A

Do you have the product Node.js Latest enabled and deployed in the Patch My PC Publisher? These "Latest" products are designed to perform major version upgrades: https://patchmypc.com/products-multiple-versions-patch-my-pc

Hi team,

Running through an OS Deployment review in my environment, I've noticed that the PMPC package for Ms edge MSI-X64 with the detection script version 3.5 didn't notice that msedge version 127.0.2478.109 is installed. The PMPC version that is being pushed atm is 127.0.2478.105.

The detection script might need a tweak.

May you share some logs?

%WinDir%\CCM\Logs\AppDiscovery*.log
%WinDir%\CCM\Logs\AppEnforce*.log
%WinDir%\CCM\Logs\AppIntentEval*.log
%WinDir%\CCM\Logs\CAS*.log
%WinDir%\CCM\Logs\CIAgent.*log
%WinDir%\CCM\Logs\DataTransferService*.log
%WinDir%\CCM\Logs\PatchMyPC-ScriptRunner.log
%WinDir%\CCM\Logs\PatchMyPC-SoftwareDetectionScript.log
%WinDir%\CCM\Logs\StateMessage.log
%ProgramData%\PatchMyPC\PatchMyPC-UserNotification.log
%ProgramData%\PatchMyPC\UISettings\UINotificationSettings.xml

Also share all of the smsts*.log files aswell. Feel free to upload to https://patchmypc.com/share for privacy, or email [email protected].

There is an ongoing issue with Adobe's CDN where the following URL downloads a different file in some parts of the world:

https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220759/AcrobatDCx64Upd2400220759.msp

Analyzing the files downloaded in the US compared with the UK seems to suggest both files are identical, however, the non-US .msp file has an invalid digital signature.

They're both signed with the same code signing certificate by Adobe, so we don't believe there is cause for concern and it is likely a mistake in Adobe's release pipeline. It's unclear why the digital signature is invalid in the non-US file, however, in any case the SHA256 value is different between the two files.

As part of our security validation process built into the Patch My PC Publisher, all packages published must pass hash validation before publishing the package into your environment/tenant. As Adobe's CDN is distributing a different file globally, some customers may experience a failure publishing the product "Adobe Acrobat DC Continuous (x64)" with the below error in PatchMyPC.log, or email or webhook alerts:

The hash of file downloaded is different than the file hash in our catalog. Hash errors happen when vendors release updates that aren't available in our catalog yet. This error should be resolved in the next catalog update. It could also have been induced by a firewall issue. Additional details:Hash from catalog [qQ6Ki1uw6vUAK6JNlZb3y30QrA0=] doesn't match downloaded update hash of [o7ffhYWlMXvpYoPklinPQbYLiMk=]

We have notified Adobe of the issue in a support thread on their forum a few releases back (it was related to a previous release, but they have the same issue again and again): Invalid digital signature on AcrobatDCx64Upd230082... - Adobe Community - 14457702 - kindly upvote, comment, or if you have the means to, escalate this thread to an Adobe contact.

In the meantime, you can work around this by downloading the correct AcrobatDCx64Upd2400220759.msp (with the valid digital signature) using the below link hosted on our OneDrive and publishing it using your local content repository. Please make sure you have the option enabled to "Check the local content repository for content files before attempting to download content files from the Internet."

https://patchmypc-my.sharepoint.com/:u:/p/liviu/EdJTVoLPnT9Piy82OYmpIekBDL0j4QPprZURw_RS2FCVrA?e=baQxpc

Thank you. It looks like the hash of the .msi for Google Chrome's enterprise installer has changed, indicating a new version has been released. We will get this updated in the next catalogue release (more than likely today.)