CALS IT maintains the security of all college computer systems by regularly issuing security patches and updates released by operating system and application vendors. We use BigFix (Windows & macOS) and Jamf (macOS & iPadOS) to apply the updates.
Updates are broken into two large categories:
Reboot Required – Typically these are operating system patches and updates.
No Reboot Required – Typically these are application patches and updates.
For updates that require a reboot:
To minimize disruption, updates are scheduled to begin on Sunday nights at 10pm. You can defer the reboot for up to 6 hours. After that, a reboot will occur, and the updates will be installed. If your computer is offline at the scheduled start time, the update will be applied when it checks into BigFix or Jamf. This usually happens within a few minutes of bringing your computer online.
In the rare case that an exploit is known to be under active attack (known as a Zero-Day Exploit) CALS IT will push out the needed patches immediately. The 6-hour window to reboot the computer will still be given.
If this schedule is disruptive to the operation of your system, you can request that the system be put into a No Updates Group. Make the request here: Computer Patching Schedule Adjustment.
For updates that do not require a reboot:
Updates are typically non-disruptive and follow our regular schedule. However, urgent updates addressing actively exploited flaws are released immediately. In such cases, a warning with a deferral option is displayed before the update is applied. Afterward, the application is closed, and the update is installed. Some examples include Microsoft Office, Zoom, and Chrome.
We utilize two distinct management systems for patching computers: BigFix and Jamf. Each system offers its own unique set of tools and capabilities. Our approach is to select the most effective tool that provides both automation and the capacity to update many computers simultaneously.
Below is the list of applications patched and their schedules:
Windows
Operating system patches require a reboot and are scheduled to run on Sundays @10pm, with a 6-hour deferral time.
All Windows patching is done through BigFix.
|
Application |
When |
Deferral |
Reboot |
|
7-Zip |
Sundays @10pm |
None |
No |
|
Adobe Acrobat Pro |
Sundays @10pm |
None |
No |
|
Adobe Acrobat Reader |
Sundays @10pm |
None |
No |
|
Audacity |
Sundays @10pm |
None |
No |
|
CrashPlan |
Time of release* |
None |
No |
|
EndNote |
Sundays @10pm |
6 hours |
No |
|
Google Chrome |
Sundays @10pm |
None |
No |
|
Microsoft Office |
Sundays @10pm |
6 hours |
No |
|
Mozilla Firefox |
Sundays @10pm |
None |
No |
|
NotePad++ |
Sundays @10pm |
None |
No |
|
Ivanti Secure Access VPN |
Sundays @10pm |
6 hours |
Yes |
|
Putty |
Sundays @10pm |
None |
No |
|
Skype |
Sundays @10pm |
None |
No |
|
Splashtop Business App |
Sundays @10pm |
6 hours |
No |
|
Splashtop Streamer |
Time of release* |
None |
No |
|
VLC |
Sundays @10pm |
None |
No |
|
WinSCP |
Sundays @10pm |
None |
No |
|
Zoom1 |
Sundays @10pm |
None |
No |
1 – The update will wait if there is a meeting in progress.
*Time of release means the update will occur as soon as it is released from the vendor. If the update is disruptive, a deferral time is offered, otherwise the update is performed as soon as possible.
macOS
Operating system patches require a reboot and are scheduled to run on Sundays @10pm, with a 6-hour deferral time.
macOS application patching is done both by BigFix and Jamf. Jamf is preferred, so if the application update is available through Jamf, it will be used, otherwise, BigFix will be used.
|
Application |
When |
Deferral |
Reboot |
|
Adobe Acrobat Pro |
Sundays @10pm |
None |
No |
|
Adobe Acrobat Reader |
Time of release* |
1 day |
No |
|
Adobe Digital Editions |
Time of release* |
1 day |
No |
|
CrashPlan |
Time of release* |
None |
No |
|
EndNote |
Time of release* |
1 day |
No |
|
Google Chrome |
Time of release* |
1 day |
No |
|
Google Drive |
Time of release* |
1 day |
No |
|
Ivanti Secure Access VPN |
Sundays @10pm |
6 hours |
Yes |
|
Microsoft Office |
Sundays @10pm |
6 hours |
No |
|
Microsoft OneDrive |
Time of release* |
1 day |
No |
|
Microsoft Teams |
Time of release* |
1 day |
No |
|
Microsoft Visual Studio Code |
Time of release* |
1 day |
No |
|
Mozilla Firefox |
Time of release* |
1 day |
No |
|
Skype |
Time of release* |
1 day |
No |
|
Slack |
Time of release* |
1 day |
No |
|
Spirion (Identity Finder) |
Sundays @10pm |
None |
No |
|
Splashtop Streamer |
Time of release* |
None |
No |
|
Zoom |
Time of release* |
1 day |
No |
*Time of release means the update will occur as soon as it is released from the vendor. If the update is disruptive, a deferral time is offered, otherwise the update is performed as soon as possible.