1 of 1 people found this helpful
The problem is that the patches you are mentioning will always show as missing.
The exact purpose of the "MSST-001 (Custom Action Patch)" is to always show as missing. You should remove this from normal scans.
The other patches you mentioned are all of the "Security Tool" patch filter type, and they are patches that always show missing because they work like an on/off or enable/disable switch for the patch. You may want to use a patch group to filter these out if you no longer want them to show up.
I hope that helps.
Thanks for your response. I've excluded the Custom Action Patch which tidies things up a little.
So I guess the issue is, I could exclude "Security Tools" in the "Patch type filter settings" and get a "Clean" scan after deploying any other patches, however that would leave the system vulnerable to whatever the security tools were designed to fix.
As an example, the Malicious Software Removal MSRT-001 (Q890830), which is updated every month by Microsoft fits into this category and would never get deployed if I exclude "Security Tools" from the scans.
As far as I know, this isn't just an on/off, disable/enable type of patch and (bad example maybe) it doesn't appear as missing after my scans...
So how can you tell, from a scan after deployment of patches including Security Tools, whether or not the Security Tool type patches have been successfully deployed?
Well MSRT-001 isn't one of the patches that has the enable/disable function so once it's installed it should no longer show as missing - the only thing with this one is that it's updated fairly often so it could seem like it's always missing depending how often you run your scans.
Are you performing a reboot after applying patches?
If you are having trouble with patches that continuously show missing other than the enable/disable type patches it might even be a good idea to open a case with support directly.
Thanks again for your quick response.
With the Security Tools patches, is it possible to tell whether or not it has been applied if it is an enable/disable type patch?
The security Tools that have a U beside them in the Patch Q number are the ones that uninstall the security Tool. I personally exclude those patches so i ensure that those are installed. I dont like how they do those beucase you have no indication that is what is going on. You keep installing and installing and they never stop installing, Maybe if the patch name said install or uninstall that would help, but instead you get caught in a loop until you check that Q number, and unless you see the U after it, you have no idea because the identical patch without the U looks identical. Very bad way of doing these because they will flash in the console so fast that you have a hard time finding the U ones.