Protect Detects A Patch That Should Not Be Detected As Missing

Version 15

    Symptoms


    Protect is detecting a Patch that should not be detected as missing.

       

    Resolution

     

    NOTE: Before performing the following, please update to the latest XML data by going to Help > Refresh Files, close and reopen Shavlik Protect and then perform another scan against the machine(s) using a Security Patch or WUScan Template. The root cause of the issue may stem from custom filtering in a Scan Template or could already be fixed in a later XML release.

     

    From The Protect Console:

     

    1. Click on Results tab.

    2. Choose the most recent scan containing the specific patch.

    3. Click on the machine containing the specific patch.

    4. Click on the specific patch.

    5. View why Protect detects the patch as missing (Patch Information Tab).

    6. Click on the linked Qnumber to be taking to documentation regarding this patch. Most of the time this will include the detection logic.

    7. Browse to the location referenced in step 5 to verify the information found in step 5 and 6.

     

    See below for more information:

    new detection logic.PNG

     

     

     

    Also note the Downloaded File name.

    new detection 2.PNG

     

    On the Target:

     

    Browse to C:\Windows\ProPatches\Patches and find the specific patch. If you have previously deployed this patch and it failed, manually try to run the patch.

     

    new detection 3.PNG

     

    Take any screenshots of any errors such as the one below.

    does not apply.jpg

       

    Information to Send to Support

     

    If you experience these errors, please create a support case at support.shavlik.com or by calling into support.

    NOTE: If you choose to call into support, please gather this information before calling in: Obtaining Support

     

    Gather the following information:

     

    1. Before doing the following, please download the latest XML data by going to Help > Refresh Files.
    2. The Bulletin ID & Qnumber of the patch in question. This information can be found in Step 4 above.
    3. Clear your logs, and do a rescan and/or deployment.then gather the log. Please do this by following this guide for console logs: Logs - Gathering Console, Client Side (Agentless), and Agent Log Files for Protect
    4. A DPDTrace gives more information on how Protect detects certain patches. Please gather a DPD trace on the target machine by following this guide: DPDTrace command line logging tool used for patch detection issues
    5. Screenshots from Step 5 from the console, Step 7 from the target and if applicable, the error when the patch is manually installed.

     

    Include the following registry exports from the same target machine that ran the DPDTrace.  This will not only save time, it will also greatly increase our chances of determining the root cause of the detection issue and correcting it:

     

    NOTE: This document has a batch file that retrieves the needed registry keys: Batch File for Obtaining Registry Exports for Detection Related Issues

    • HKLM\SOFTWARE\WOW6432\Microsoft\Windows\CurrentVersion\Uninstall

    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    • HKLM\SOFTWARE\Classes\Installer\Products

    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages

    • HKLM\SOFTWARE\Classes\Installer\Patches

     

    Please zip all files into one archive file before emailing or attaching them to the case.

    NOTE: You will not be able to email the registry keys to the case as .reg files. They must be either uploaded to the case through the support portal or changed into .txt files.

       

    Affected Product(s)

     

    Shavlik Protect 9.x