9 Replies Latest reply on Aug 8, 2013 3:37 PM by adamg23

    Patch scan discrepancy in scan results

    Rookie

      I'm not sure how to classify this question, but I scanned a Win2008 server using the agent scan.  It found no patches.

      Then I ran a Windows update on the server, it found 9 patches, which I patched and rebooted.

      I now run a new agent patch scan and it now sees 7 of the 9 patches.

       

      I ran Windows update again to verify and no patches are found.

       

      What is causing this delay / discrepancy?

        • 1. Re: Patch scan discrepancy in scan results
          travisschuur SupportEmployee

          It all depends on the type of scan that you have in your Agent Policy. Here is a link explaining why you get different scan results from Windows Updates and Protect Scans.

           

          http://community.shavlik.com/docs/DOC-1614

          • 2. Re: Patch scan discrepancy in scan results
            Rookie

            Thanks, but:

            "It appears you're not allowed to view what you requested. You might contact your administrator if you think this is a mistake."

            • 3. Re: Patch scan discrepancy in scan results
              cjensen SupportEmployee

              A Windows Update scan has the ability to show missing Security Patches, Non-Security Patches, Security Tools, driver updates, and sometimes patches that aren't publicly downloadable.

               

              Depending on what Scan Template you are using in Protect, the results will vary. The built-in security patch scan will only show missing security patches. The built-in WU scan will show missing security patches and non-security patches. And please note - we don't always include all non-security patches in our XML data right away either, as security patches take precedence.

               

              You can always create a Custom Scan Template, and check security patches, non-security patches, and security tools for the most robust scan.

               

              If you still are seeing unexplainable differences, please list the KB article numbers of the patches that Windows Update shows as missing (but Protect doesn't), and I can research them and find out why Protect isn't supporting them.
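
The list of KB article numbers requested above can be pulled from the Windows Update Agent directly instead of being copied from the Windows Update dialog. The following PowerShell is an added example, not part of the original thread or of Shavlik's tooling; it uses the Windows Update Agent COM API (`Microsoft.Update.Session`), and the output path and the "Kind" label are assumptions made for illustration.

```powershell
# Added example: list what the Windows Update Agent (WUA) reports as missing,
# with KB numbers, so the list can be compared against a Protect scan result.
# Run in an elevated PowerShell session on the scanned server.

$OutFile = "$env:TEMP\wu-missing.csv"   # assumed output path, change as needed

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Not installed and not hidden: the set Windows Update offers as missing.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0")

$missing = @(foreach ($u in $result.Updates) {
    $kbs       = @($u.KBArticleIDs | ForEach-Object { "KB$_" })
    $bulletins = @($u.SecurityBulletinIDs)
    $cats      = @($u.Categories | ForEach-Object { $_.Name })

    # Heuristic label (assumption): an update with no MSRC bulletin ID is not
    # a security patch as far as WUA is concerned, so a security-only scan
    # template would not be expected to report it.
    $kind = if ($bulletins.Count -gt 0) { 'Security' } else { 'Non-security/other' }

    New-Object PSObject -Property @{
        Kind       = $kind
        KB         = $kbs -join ','
        Bulletin   = $bulletins -join ','
        Severity   = $u.MsrcSeverity
        Categories = $cats -join '; '
        Title      = $u.Title
    }
})

# CSV with one row per missing update, suitable for attaching to a support case.
$missing | Sort-Object Kind, KB |
    Select-Object Kind, KB, Bulletin, Severity, Categories, Title |
    Export-Csv -Path $OutFile -NoTypeInformation

# Summary: how many of the missing updates fall outside a security-only scan.
$missing | Group-Object Kind | Select-Object Name, Count | Format-Table -AutoSize
Write-Host "Wrote $($missing.Count) missing update(s) to $OutFile"
```

Rows labelled `Non-security/other` are the ones to check against the scan template before treating a difference as a data problem.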

              • 4. Re: Patch scan discrepancy in scan results
                Rookie

                Here they are:

                 

                I run a custom scan which includes Security and Non-Security patches.

                 

                Windows Update is patched

                Agent reports these are missing:

                 

                MS12-035

                MS12-034

                MS12-074

                MSU-776

                MS13-046

                MSWU-726

                MS13-047

                • 5. Re: Patch scan discrepancy in scan results
                  Rookie

                  I ran a local Update Patch Data through the agent, rescanned locally and the new results show in the console.

                  Could I be missing a firewall port opening?

                  • 6. Re: Patch scan discrepancy in scan results
                    mpendleton Rookie

                    No danh2010, this should not be the case. I run into this quite a bit myself. Typically what happens is that Shavlik doesn't have their XML file coded correctly, so those patches are missing, but Shavlik does not realize it. Very hard process to convince Shavlik also.

                     

                    Steps to send Shavlik.

                     

                    1st.    Clear out your logs on your server. Being 2008, it should be "c:\programdata\LANDesk\Shavlik Protect\Logs\". You will also have to stop your agent services, Stagent.exe and stdispatch, and stop the stagentui.exe processes. Then you can delete all logs in the log folder, then start back your stagent service, which will start the dispatch also. Then find the Shavlik agent in your Start menu and reopen it.

                     

                    2nd.    Verify that your Agents are up to date with patch definitions and run your full scan.

                     

                    3rd.     Providing they are still missing, take your logs and attach those to a new case to Shavlik. Tell them that Windows Update sees these as missing and you guys don't. Then they will investigate and find their faults in the XML file and fix the problem in the next update.

                     

                    I typically have the opposite problem: patches are usually already installed, but the XML file says they are not and keeps trying to install them. I generally go through this process at least 3 times a month, so I know this process very, very well. Once you do this, just sit back and wait for them to fix it. It's mind-blowing what you have to do to prove you are correct in your findings, but these steps work every time and they don't question you up one side and down the other when you do these steps.

                    • 8. Re: Patch scan discrepancy in scan results
                      Rookie

                      I am having the same problem with agent reporting as missing certain patches that are applied.

                      • 9. Re: Patch scan discrepancy in scan results
                        SupportEmployee

                        Here's an updated document that should prove helpful concerning this post:

                         

                        http://community.shavlik.com/docs/DOC-22930