I never really used agent health in the past and have started looking into again today. Some things confuse me about it. It seems there are three pieces to it and I'm not fully understanding how they all connect. You have a bootstrap task, an agent setting (which isn't even part of agent config), and patch manager definitions (which are much smaller in number compared to the amount of repair items in the agent settings).
Do we really have to manually run a change settings against all agents to use agent health or does the default agent health setting come into play? I couldn't find evidence of this in the registry. Having to deploy an agent AND run a change settings task seems odd to me.
How do the agent health patch definitions relate to the actual agent settings?
What happens if you use one without the other?
Some of the definitions reference specific file versions. I just updated to SU5, but have not updated most agents yet. Would these definitions start replacing files on those updated agents?
What part is the bootstrap task working in conjunction with? It looks like it just kicks off a vulscan for type 3 which would lead me to believe it works with the definitions.