Do you know the exact patch or vulnerability number you fixing or patching?
Patching happens in two phases.
1) The target System examines it patch work list. It then compares the work list to target system configuration, and rejects any patches which do not apply (you may see alot of this when people patch without scanning, or the scan is not able to probe for that information). It will set those patches to "Not Applicable". The patches that apply, will be applied, and if reboot is required, it will queue it up. It will set the system's patch entitlement list to be "Reboot Required" if it is needed.
2) If at the end, the system needs to be rebooted because a patch has requested it, it is done. When the system reboot is completed, the patch agent verifies that the reboot was successful, and verifies that the patches were applied, it sends back the "Successful" status.
Now this is differnt than Fix.
Some vulnerabilities are easy configuration fixes. These configuration fixes are handled by the STAT Scanner Engine. It invokes a fix operation, which may be able to simply make the configuration change, and report the status of the fix operation in an HP SIM / VPM Event.
Now these operations should be done at non-peak times, and during times where the system is potentially going to reboot (as you know Microsoft does not always tell you a reboot is required, but does so anyways).
We don't recommend you apply alot of patches to the HP SIM /VPM server, as it may cause a reboot, or reconfigure the system, while you are expecting it to monitor, or react to events from other systems during the period that you are down.
tag
