Security Tool: Implement the QualityCompat registry key that enables Windows security updates released on January 3, 2018

Version 7

    Purpose

     

    The Ivanti Content Team has created a Security Tool to help implement the QualityCompat registry key that enables deployment of the Windows security updates released on January 3, 2018. This document will step through the configuration to specifically target the new Security Tool and deploy it your clients.

    Adding this registry key on machines that have out-of-date AV could cause BSOD's. As we are unable to completely test the impact of adding these registry keys or installing the OOB security updates per Microsoft guidance, we highly recommend testing this in your test labs before pushing to production.

     

     

    Instructions

     

    You will be creating a Scan Template and Patch Group to specifically target this Security Tool. This will allow you to scan with automatic deployment without having to worry about installing other Security Tools we offer.  We will be offering 2 Security Tools, one to implement the registry key and another to remove the registry key.

     

    • IVA18-002 Q4072699: This tool adds the QualityCompat registry key
    • IVA18-002 Q4072699U: This tool removes the QualityCompat registry key

     

    Creating the Patch Group

     

    A Patch Group contains a list of patches you can use to use as a baseline (to scan for) or use to exclude from scan results. We will be using a Patch Group as a baseline to scan for IVA18-002 Q4072699.

     

    1. Navigate to New > Patch Group.  Enter a Name for the Patch Group and optionally a Description. Click Save.

    2. Search for IVA18-002 or 4072699 as shown. Right-click on the Security Tool IVA18-002 Q4072699 and choose Add to Patch Group then choose the Patch Group you created.

     

    3. The Patch Group is created and can be added to the Patch Scan Template, close the Patches window.

     

    Creating the Patch Scan Template

     

    The Scan Template, along with your new Patch Group will help you scan for the new Security Tool.

     

    1. Navigate to New > Patch Scan Template

     

    2. Give the Scan Template a Name, matching the Patch Group Name is advisable.

     

    3. In the Baseline or Exceptions section, choose Baseline and check-mark your Patch Group. (no other filtering is needed)

     

    4. The Scan Template should look similar to this:

     

    5. The Patch Scan Template is created, Click Save.

     

    Scanning for the Security Tool

     

    The setup is complete, you can use your new Patch Scan Template to scan for the new Security Tool IVA18-002 Q4072699. The Security Tool will show missing on systems that do not have the registry key on them and can be deployed like a regular update.

     

    Additional Information

     

    • You can follow these instructions to scan for the uninstall Security Tool by creating a Patch Group including the IVA18-002 Q4072699U version of the tool.

     

    Affected Product(s)

     

    Ivanti Patch for Windows Servers 9.3.x

    Shavlik Protect 9.2.x