OS Software Updates - Automation Rules

What

Managing OS updates can be a burden with the quantity and frequency of new updates, requiring new Filesets and correct grouping for assignment. FileWave 16.2.0 makes this process much simpler for both Apple and Microsoft updates.

When/Why

Apple and Windows devices report which updates are relevant, back to the FileWave server. The Client Info of any one device will list those updates reported:

However, the Software Updates view in FileWave Central shows all updates, reported across all Apple or Microsoft devices, with further filter options. As devices report into FileWave, this view will continually update.

The 'Is New' entry is of key importance for the Automation Rules.

Entries freshly reported, automatically have 'Is New' set as 'Yes'.

Automation Rules are used to target any chosen updates, set as new, and build out Filesets, aiming at only desired updates or ignore others, by way of inclusions or exclusions. For example, are all Windows driver packs desirable?

Setting Automation rules allows for futuristic updates, not yet existing, but reported by devices subsequently.

When the Automation Rules are actioned, a Fileset per update should be created for any included updates, whilst excluded updates will be ignored. This 'Is New' flag will be set as 'No' when Filesets are generated, meaning excluded updates will remain as new.

It is possible to manually alter the 'Is New' flag for one or more updates, by way of the right click contextual menu:

Resetting the 'Is New' flag for any updates back to 'Yes', will cause them to be included once more when the Automation Rules run, whilst setting any to 'No', will exclude them for rule consideration, regardless of rules created.

Once rules are configured, they are actioned by the 'Run Automation' button; a manual process at the time of writing, but will hopefully be an automated, scheduled process in a future FileWave release.

For easy reference, only when a rule will cause a Fileset to be generated, will the 'Is New' flag be altered from 'Yes' to 'No'.

How

Only FileWave Administrators with necessary permissions may perform some or all of these actions, as set in:

Assistants -> Manage Administrators:

Manage Updates
Configure Automation Rules

Select "Automation Rules" in the Software Update's toolbar to view current or create new rules, as below:

The above example has 3 defined rules in place (one exclusion and two inclusion) and a designated Default Group. Any updates set as new, which do not meet the criteria of the rules, will generate Filesets within the Default Group. This can help identify new updates not impacted by the rules.

Unless set, there will be no Default Group.

Rules may added or removed using the + and - buttons respectively, whilst the highlighted rule may have the target group or assignment type edited. Default Group may be cleared if set.

If there is no Default Group, then (as with Exclusions), the 'Is New' flag will remain as 'Yes' for any updates not matching Inclusion rules; no Fileset will be created.

Rules run top to bottom. Exclusion rules prevent updates from being considered in any subsequent rule. The first matching Inclusion rule will generate a Fileset and then set the 'Is New' flag to 'No', such that subsequent rules will no longer be appropriate (for any updates matching more than one rule). Hence, only one Fileset will be generated for included updates each time Automation Rules are Ran.

Drag rules up or down to alter order.

Add Exclusion rules at the top of the list to prevent Filesets being created for updates meeting the exclusion criteria.

The rules view should seem similar familiar. As with Inventory Queries, each rule should be given an appropriate name, for reference, and criteria components may be added to define rules:

Fields tab should list updates caught by the rule definition:

Example

Consider the following rules:

These will run in the following order:

Rule	Description	New
1: Exclude Drivers	The criteria of this rule is set to ignore all Windows Drivers.	Updates remain as 'New'.
2: Defender Updates	As suggested by name, this rule targets Windows Defender updates, placing them in a similarly named Fileset Group, ready for testing and assignment.	Updates altered to 'Not New'
3: Rule for macOS Update	Again, the name explains the rule, with all macOS updates being added to a Fileset Group named 'macOS'.
4: Default Group	Any updates not caught by the above rules, yet set as new at the time of running the Automation Rules, will have Filesets created with this group; 'Unfiled Updates' This helps highlights which updates were new, but not matching any of the rule criteria.

Exclusion Example

As described, updates excluded remain as new. Consider the following 3 rules:

The macOSUpdate 26 rule is set to include all macOS 26 Updates. Likewise, the Windows Software Updates Security is set to include all updates that have the Category 'Security Updates'.

The Exclusion Rule has been set to impact both of these other rules:

Only where new updates are older than 10 days, will those updates be processed. Any newer updates by date will be ignored and remain as new. However, as days pass, those updates will become in scope of each below rule and Filesets will be subsequently generated.

This provides an amount of grace period for testing, ensuring new updates will not be processed even if the Automation Rules are actioned.

Updates may be manually generated into a test Fileset Group.

Manual Fileset creation from the Software Update view also sets the 'Is New' flag as 'No'. Updates left untouched will remain as new and come into scope after the defined period of time.

Associated devices with this group should receive the updates. Once testing has been approved, these updates could then be considered for generic deployment.

Each approved update may then have the 'Is New' flag manually reset as 'Yes'. When the updates come into scope by date, being set as new again, they will now have Filesets created within the groups as targeted by each rule. If not internally approved, those manually created updates will remain as 'No' and will not be included when the date scope has been reached.

This method allows for pre-assignment of both test group and live deployment of updates, negating subsequent manual actions.

Prevent Duplicates During Enrollment

Automated Client Conflict Resolution

Automatic Enrollment Permissions

Manual Client Conflict Resolution (Multiple Devices)

Creating and Editing a query

Demystifying Inventory Queries

What are Sample Queries?

How do I export the results of an Inventory query?

Generating scheduled reports

Sending Scheduled Reports to More Than One Address

Filtering in Inventory Queries

Exporting & Importing Inventory Queries

Inventory of IP Addresses

Smart Groups, Inventory and Application Version Numbers

Using Queries to create Smart Groups

Create a Smart Group from an Inventory Query (Report)

Duplicating Smart Groups

Smart Group Preview

Move To... for Filesets

OS Software Updates - Automation Rules

OS Software Updates - Obsolete Filesets Cleanup

Configuring and using the Dashboard

Mobile Preferences - iOS / Android

LDAP Preferences

VPP and ADE Preferences

Managing FileWave Administrators

Embracing the Dark Side: Dark Mode for FileWave Central (15.3+)

FileWave Central - Additional Settings Menu Items

Configuring Inventory preferences

FileWave Anywhere persistent user preferences (14.8+)

Manual Licenses

Font Licenses

Creating Licenses from Filesets

FileWave Server Mail test receives Bad Request with Google SMTP Accounts

Adjusting the Idle Timeout in FileWave Anywhere (WebAdmin)

Could not create the /Volumes/XYZ directory error when opening client info

Dashboard Warning levels and Descriptions

Opening FileWave Central / Anywhere in a Specific Language (macOS)

Opening FileWave Central / Anywhere in a Specific Language (Windows)

What is the difference between Revert and Restore?

OS Software Updates - Automation Rules

What

When/Why

How

Example

Exclusion Example

Related Content