4 Replies Latest reply on Sep 24, 2014 8:14 AM by joerabbi

    .NET patches show as missing

    joerabbi Rookie

      Most often when I install .Net patches, they show as missing after being patched.

      I decide to troubleshoot this on my current server (2012) with protect 9.1 patch 1.  It is showing that it is missing MS14-046 (Q2966828) Vulnerability in .NET framework...

      I installed the patch with the standard deployment template, rebooted and rescanned.  It showed as still missing.  I checked the Cl5 log and saw nothing amiss.

      I deployed the patch again, except this time with a delay.  I checked between deployment and execution and the patch file was there.  The bat file runs and there are no errors in the log file.

      The post deployment scan shows the patch as missing and the comment is "File version is less than expected..."

       

      The security auditors are not happy to see patches missing.

       

      Thaks,

      Joe

        • 1. Re: .NET patches show as missing
          cwinning CommunityTeam

          Hello Joe,

           

          Our scanning and deployments to .Net are usually rock solid, most of the issues we see are with .Net in general but we shouldn't rule out a detection issue.  Please try these things in order.

           

          1)  Verify sure you are using the latest data files.  The latest version is 2.0.0.8580 and you can verify this in Help > About in the Protect GUI.  (here is a list of content releases: Shavlik Protect | Simplify and Automate your IT Management)

          2)  Take a look at Program and Features - View Installed updates and verify the patch does not show on the list of installed updates.  If you do see it there it most like mean the patch is partially installed.  Uninstall it, reboot the server then attempt to install it again. 

          3)  Attempt to install the patch by hand.  You can find the patch in the C:\Windows\ProPatches\Patches folder.  You may need to manually copy it over if you have Remove Temp files enabled in the Deployment Template.   Double-click on it and note any error messages you see.

           

          Please let me know what you see.

           

          Thanks,

          Charles

          1 of 1 people found this helpful
          • 2. Re: .NET patches show as missing
            joerabbi Rookie

            Charles,

            Thanks for the reply.

            1) yes I am on the current data file.

            2) Microsoft shows the patch installed.  Shavlik shows "file version is less than expected", therefore it reports the patch as missing.

            3) When I try to run it manually it says it is already installed.

             

            Thanks,

            Joe

            • 3. Re: .NET patches show as missing
              cwinning CommunityTeam

              Joe,

               

              All good information, thank you.

               

              Did you try #2?  If yes...  We're going to need some log information from you in order to verify our detection logic.  Use this article DPDTrace command line logging tool used for patch detection issues to run a DPDtrace against the target machine.  Open a support ticket and attach the DPDtrace logs (zipped) and we will have our Content Team take a look.

               

              Let me know if you have any questions.

               

              Thanks,

              Charles

              • 4. Re: .NET patches show as missing
                joerabbi Rookie

                The problem (at least for the server I was working on) was the xml file did not detect properly.  I got an updated xml file and it detected properly. It was properly patched all along, just not detecting properly.

                 

                Thanks for the help