Troubleshooting Patch Scans That Do Not List Java Patches as Missing or Installed

Version 9

    Symptoms

     

    You are able to manually verify a Java installation exists on a target (client) system, but a patch scan with Protect does not list a Java patch as missing or installed.

     

    Cause

     

    There are three likely causes for this issue that should be evaluated first:

    1. Verify the patch definitions for Protect are up to date by running Help > Refresh Files. You can verify the version of the patch definitions by going to Help > About > Version Info.  Look for Patch Assessment under the Definition area and then cross reference the version with this website http://protect7.shavlik.com/category/patch-and-bulletin-information/
    2. Use a built-in patch scanning template (Security Patch Scan or WUScan template) when troubleshooting scan related issues. If not using the Security Patch Scan or WUScan template, verify the custom scan template does not include filtering that would limit what patches and products scanned. 
    3. If you believe the Java patch is installed, manually verify the Java patch is listed as installed in Add/Remove Programs (Programs & Features).

     

    Resolution

     

    Is Java Development Kit installed on the target (client) system? If Java Development Kit (JDK) is installed on the target system, you cannot patch Java (the Java Runtime Environment - JRE) separately. JDK contains its own version of JRE, and applying a separate JRE update will break the JDK on the system, so if the JDK is detected you will not be offered any JRE updates. Another possible cause of the issue is a corrupt install of JRE on the target (client) system.

     

    The Shavlik Protect scan engine's detection logic verifies the version of the jvm.dll and java.exe files on the target machine. The scan engine determines the location of these files based on information stored in the registry on the client system. A scan issue occurs if the file location listed in the registry key does not match where the files are located on the system. You can manually verify this by navigating to one of the following registry location using regedit: 

     

    • 32 bit: HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment
    • 64 bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment

     

    Navigate to one of the versions of Java listed under this key, then for each version there will be a "RuntimeLib" key. The value of the RuntimeLib key contains the location that we check during our patch scan process.

     

    You can also perform a search for jvm.dll and/or java.exe on your system. If the files are not located in the directory specified in the value of the RuntimeLib registry key then you may have a bad install of Java. The best way to correct this is to manually apply the next Java patch or reinstall Java on the system.

     

    If the instructions in this article do not help identify the root cause of this issue, contact the Shavlik support team and please provide the following information:

     

     

    Affected Product(s)

     

    Ivanti Patch for Windows Server 9.3+

    Shavlik Protect 9+