1 Reply Latest reply on Jun 16, 2014 10:57 AM by Peter Massa

    OS X Agent Settings sync appears to delete the CatalogURL entry / vulscan loops

    Peter Massa Expert

      So two things I've noticed so far on 9.5.2 clients.

       

      When the OS X agent installs there is a line specifically in the Post install that deletes the CatalogURL in /Library/Preferences/com.apple.SoftwareUpdate.plist which directs the OS as to where to get its updates from.  So even if the Agent Config contained a "Use alternate update server" entry - it immediately gets removed.

       

      Secondly whenever vulscand runs or the ldcron task to update Agent Settings runs - the following command runs:

      /Library/Application\ Support/LANDesk/bin/ldagentsettings /changebehaviors /taskid=-1

       

      This command syncs down the Agent Settings and deletes the CatalogURL entry (side effect).  This means that even if you manually try to configure the CatalogURL or set it using a custom def or tools like DeployStudio - it gets removed within a few hours.

       

      This occurs with "Use alternate update server" set and without it set in the agent configuration.

       

      I believe this is a bug.

       

      The second half of this is that I have a custom definition that sets the update settings for my devices; frequency, what to patch, and which server to point at (CatalogURL).  If this patch is set to retry on auto fix unlimited attempts, and at the start of every vulscan it runs an Agent Settings sync - it will loop endlessly, or at least do a full N number of retry attempts.  This makes scans last N times longer.

       

      I believe this is a bug as well.

       

      Lastly whenever you use a policy to deploy multiple patches - it appears that vulscan does a full scan before each patch can be installed, rather than just checking the definition for the patches being attempted.  This is a feature imbalance from the way the Windows agent handles the patch installs and causes dramatically longer install times because of unnecessary full scans.

       

      I believe this is a bug also.

       

      Anyone have any insight into this behavior?

       

      Thanks,

      Peter
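
One way to confirm the removal described in the post above and to record when it happens, as an added example that is not part of the original post or of LANDesk's tooling: a small drift check that reads the Software Update preferences and classifies the CatalogURL state. The expected URL and the sample preference data are constructed placeholders; only the plist path and the CatalogURL key come from the post.

```python
import plistlib
import sys
from xml.parsers.expat import ExpatError

# Path taken from the post; the expected URL is a constructed placeholder.
PLIST_PATH = "/Library/Preferences/com.apple.SoftwareUpdate.plist"
EXPECTED_URL = "http://sus.example.internal:8088/index.sucatalog"


def check_catalog_url(plist_bytes, expected_url=EXPECTED_URL):
    """Classify the CatalogURL state as ok / missing / mismatch / unreadable."""
    try:
        # loads() auto-detects XML and binary plists; preference files are often binary.
        prefs = plistlib.loads(plist_bytes)
    except (plistlib.InvalidFileException, ExpatError, ValueError) as exc:
        return ("unreadable", str(exc))
    if not isinstance(prefs, dict):
        return ("unreadable", "top-level object is not a dictionary")
    actual = prefs.get("CatalogURL")
    if actual is None:
        # Key removed: the client falls back to Apple's default update catalog.
        return ("missing", "CatalogURL key not present")
    if actual != expected_url:
        return ("mismatch", actual)
    return ("ok", actual)


# Constructed samples: preferences before and after an agent settings sync.
SAMPLE_BEFORE = plistlib.dumps(
    {"CatalogURL": EXPECTED_URL, "AutomaticCheckEnabled": True},
    fmt=plistlib.FMT_BINARY,
)
SAMPLE_AFTER = plistlib.dumps({"AutomaticCheckEnabled": True})

if __name__ == "__main__":
    try:
        with open(PLIST_PATH, "rb") as fh:
            status, detail = check_catalog_url(fh.read())
    except OSError as exc:
        status, detail = "unreadable", str(exc)
    print(f"{PLIST_PATH}: {status} ({detail})")
    # Non-zero exit lets a cron job or launchd wrapper log or alert on drift.
    sys.exit(0 if status == "ok" else 1)
```

Run on a schedule shorter than the agent's settings sync, the exit status gives a timestamped record of when the key disappears, which can be lined up against the ldagentsettings runs.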