The patch quarantine feature is designed to prevent too many installation attempts on operating systems by bad patches or patches that require a reboot. A patch could fail multiple times because of environment issues on a device or because the patch needs to be fixed by the vendor.
If a patch becomes quarantined because of an environment issue that you can resolve, you can use the Release Quarantined Patches quick task on a device to remove a patch's quarantined state and then enable ZENworks to attempt to install it one more time, either through a patch policy or a remediation deployment. When the quick task executes it will release all quarantined patches on the device.
To run the Release Quarantined Patches quick task:
Select the device or server that requires the patch in the Devices list.
Choose Release Quarantined Patches in the Quick Tasks drop-down menu.
Define your desired options in the Quick Tasks Options dialog box, and click Start.
NOTE:Once an attempt is made to install a patch that is released from quarantine, it will return to quarantine if the installation fails.
The details of quarantined patches are available in the zmd-messages.log file. The quarantined patches will be logged as shown below:
[Patch]… "Patch is in quarantine <patch name>
The quarantine folder stores files with a security verification failure. Any collection processor moves the file to quarantine if the following criteria are met:
Security is enabled but receives a file without a header
Verification of header fails.
Mismatch in the GUID that is present in the header and the file contents.
Path to quarantine Folder is <collectionDir>/quarantine/<folderOfProcessor>
Example: For Windows MDM the path is <collectionDir>/quarantine/windowsmdm
The files in the quarantine folder are retained always in case any analysis needs to be done.
Path to quarantine folder are as follows:
Windows: %ZENWORKS_HOME%\work\collection
Linux: /var/opt/microfocus/zenworks/collection/