4 Replies Latest reply on Dec 28, 2016 9:22 AM by brett.carl

    Patch Detection Error

    brett.carl Rookie

      Good Morning,


      There are 2 patches that are showing up in my Nessus report that show as not installed:




      When I run a Security Patch scan on the server in question, the patches do not show up as being missing.

      Server Scan.PNG

      I'm unsure if it's a detection error within Shavlik Protect or a me error.


      I did some research and I can't find anything that points out to why these are showing as missing. Unfortunately Java can't be updated on this server as of right now.


      Thanks for any assistance & guidance you can provide.

        • 1. Re: Patch Detection Error
          Recursion SupportEmployee



          KB3205640 is what's known as a "Bulletin KB". It's the KB number for the MS16-155 bulletin, but there isn't any patch that has that KB number. If you navigate to the KB article page here, you'll see the actual downloadable and deployable patches are all different KB numbers that are under the "umbrella" of KB3205640. I've seen Nessus report this a lot, even when all applicable updates for the bulletin are installed.


          For the Java update, we'd need to know what version and update of Java you have installed to be sure of the nature of that. You can check in a command prompt by running: "java -version"

          • 2. Re: Patch Detection Error
            brett.carl Rookie



            In regards to MS16-155, it would appear that the Nessus report is reporting that as a false positive? I don't see that it is installed on the server in question. Here is what Nessus reports:


            Is this an expected behavior even though Shavlik does not report it as missing?


            As for the Java Version, it is running on JRE 7.0.79

            • 3. Re: Patch Detection Error
              Recursion SupportEmployee

              So for Java, the reason is that the last public release for Java 7 is update 79/80. Update 79 is the CPU release (purely security) and 80 is the PSU release (other fixes). Update 80 is a non security patch, so it won't be offered in a security patch scan. To get the update Nessus is referring to, you would need to have a support contract with Oracle to access those extended support updates.


              For the .NET update, I would try running a WUScan. I looked at our classifications, and only 3 variants of the update are classified as Security, while the other 13 are Non Security. It may not be a false positive, just a filtering issue.


              Based on some (possibly incorrect) assumptions, you should look in the results for Q3210136 (applies to .NET 4.6 and 4.6.1), as well as one of the following, depending on OS:


              Q3210132 - 2012 R2/Win 8.1

              Q3210131 - 2008 R2/Win 7

              Q3210130 - 2012


              All of these are classified as non security, since they also contain non security bug fixes/improvements. The 3 security updates under MS16-155 don't affect the 2 files Nessus is looking at, so they likely aren't applicable, or are already installed.
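
Added example (not part of the original thread, and not Shavlik or Nessus code): a Windows PowerShell check that looks for the component KBs named in the reply above instead of the bulletin KB. It assumes the Q-numbers in the thread correspond to KB numbers with the same digits, and that the OS-to-KB mapping given in the reply is correct.

```powershell
# Added example. KB numbers are the ones named in this thread; the Q-to-KB
# mapping (Q3210136 -> KB3210136) is an assumption.
$bulletinKb = 'KB3205640'        # bulletin KB for MS16-155, not an installable patch
$rollupByOs = @{
    '6.1' = 'KB3210131'          # 2008 R2 / Win 7
    '6.2' = 'KB3210130'          # 2012
    '6.3' = 'KB3210132'          # 2012 R2 / Win 8.1
}

# OS version as major.minor, e.g. "6.3" from "6.3.9600"
$osVersion = (Get-WmiObject -Class Win32_OperatingSystem).Version
$osKey = ($osVersion -split '\.')[0..1] -join '.'

$toCheck = @($bulletinKb, 'KB3210136')   # KB3210136: .NET 4.6 and 4.6.1
if ($rollupByOs.ContainsKey($osKey)) { $toCheck += $rollupByOs[$osKey] }

# Source 1: Get-HotFix. It lists only updates installed through Component
# Based Servicing, so MSI-based updates do not appear here.
$hotfixIds = @(Get-HotFix | ForEach-Object { $_.HotFixID })

# Source 2: Windows Update Agent history. It records only installs that
# went through the agent, so patches pushed by another tool may be absent.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total = $searcher.GetTotalHistoryCount()
$succeeded = @()
if ($total -gt 0) {
    $succeeded = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.ResultCode -eq 2 } |       # 2 = succeeded
        ForEach-Object { $_.Title })
}

# One row per KB, showing which source (if any) knows about it
foreach ($kb in $toCheck) {
    New-Object PSObject -Property @{
        KB           = $kb
        InGetHotFix  = ($hotfixIds -contains $kb)
        InWuaHistory = [bool]($succeeded -match $kb)
    } | Select-Object KB, InGetHotFix, InWuaHistory
}
```

Because neither source is complete, False in both columns for a component KB means the update needs a closer look, not that it is definitely missing.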

              • 4. Re: Patch Detection Error
                brett.carl Rookie

                Excellent, thank you for the information. This sheds some light on our Nessus reports.