BigFix - Gracefully Close Applications before patching


Microsoft recently disclosed a zero-day vulnerability in Microsoft Outlook. Zero-day vulnerabilities need to be addressed and their patches deployed ASAP. Normally, Microsoft Office patches can be deployed while the Office applications are running; once those applications are closed, the patch will install or finish installing. This usually isn’t an issue, as “most” users open and close applications all the time. But in this case we need to get the zero-day patch deployed ASAP, so we need to force users to close Outlook to get the patch installed. This time it was an Office application, but it could be any application. BigFix normally provides, out of the box, the ability to close running Office applications as part of the patch content. This guide isn’t just for Outlook, though: you can adapt it for any running application that is preventing a patch from being installed. Just replace outlook.exe with the name of the application you would like to close.


In this guide I am going to show you how to add a task kill action to your baseline so that it runs before the patches install. This lets you give your users a deadline and prompt them to close Outlook; once the deadline passes, it will either automatically close Outlook or keep an annoying window up until they do. BigFix offers the administrator the ability to give end users flexibility or to force changes on them. In this case we might want to give them a deadline and then close the application to get the patch deployed, because this is a zero-day. Each organization is different, but at least you have options with BigFix.


In your BigFix Console go to Tools – Create a New Fixlet


Give your Fixlet a name




Add the following to your action script

waithidden taskkill /f /im outlook.exe




Select Include Custom Success Criteria and Select the Edit Button




Select the option "the applicability relevance evaluates to false"



Select the relevance tab

Select Computers which match all of the relevance clause below and add the relevance.

exists running application "outlook.exe"



Close and Save the Fixlet

Find your newly created task and Right Click and select Add to New Baseline



Give your baseline a name




You will see your Fixlet added to the baseline. Next, add the patches to the baseline by selecting "add components to groups".




Once the patch or patches are saved you can now Save your Baseline




Take Action on the newly created baseline




Select the targets you want to deploy the patches to




Select the Messages Tab

Choose to display a message before running the action group

Type in a message prompting your end users to close the application before they take action.

Give the users a deadline, and decide what happens if they do not click Take Action by then: run the action automatically, or keep the message up until they click Take Action.



Hit OK to deploy your action


The end user will see a pop up notifying them of a BigFix action



Clicking on the prompt will ask them if they want to take action


Once the action runs it will now close Outlook if it is running and also install the patch. You will see in your console the status of the action.
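The action script above uses taskkill /f, which terminates Outlook immediately without letting it save open items. As an added example (not from the original article), this PowerShell function asks the application to close first and forces termination only after a grace period, then reports the same condition the Fixlet's success criteria checks. The function name, the 60-second grace period, and the requirement that it runs in the logged-on user's session are assumptions.

```powershell
# Added example, not part of the original guide.
# Assumption: runs in the logged-on user's session, because CloseMainWindow()
# can only reach windows that belong to the caller's own session.
function Close-AppBeforePatch {
    param(
        [Parameter(Mandatory)][string]$Name,  # process name without .exe, e.g. 'outlook'
        [int]$GraceSeconds = 60               # hypothetical grace period
    )

    $procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) {
        return [pscustomobject]@{ Name = $Name; Result = 'NotRunning'; Forced = 0 }
    }

    # Ask each instance to close, the same as the user clicking the X.
    # The application can still prompt to save unsent or unsaved items.
    foreach ($p in $procs) {
        if ($p.MainWindowHandle -ne [IntPtr]::Zero) { [void]$p.CloseMainWindow() }
    }

    # Poll until every instance has exited or the grace period is over.
    $deadline = (Get-Date).AddSeconds($GraceSeconds)
    while ((Get-Date) -lt $deadline -and
           (Get-Process -Name $Name -ErrorAction SilentlyContinue)) {
        Start-Sleep -Seconds 2
    }

    # Anything still running is terminated, as taskkill /f /im would do.
    $left = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    if ($left.Count -gt 0) {
        $left | Stop-Process -Force -ErrorAction SilentlyContinue
        Start-Sleep -Seconds 2
    }

    # Same condition as the Fixlet's success criteria: process no longer running.
    $still = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Name   = $Name
        Result = if ($still.Count -eq 0) { 'Closed' } else { 'StillRunning' }
        Forced = $left.Count   # how many instances ignored the close request
    }
}

$r = Close-AppBeforePatch -Name 'outlook' -GraceSeconds 60
$r
if ($r.Result -eq 'StillRunning') { exit 1 } else { exit 0 }
```

The Forced count shows how often users lost the chance to save, which helps when tuning the deadline message and grace period.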
