4 Replies Latest reply on Mar 15, 2018 6:30 PM by NA..ta

    Scan a server using a Scan Template with a specific Patch Group

    NA..ta Rookie

      I've been trying to scan& deploy using some scan template with specific patch group,

      but the scan result shows; Installed patch 0, Missing patch 0

       

      The target server is Windows Server 2008.

      I see the specific patches are installed in different server with same OS.

       

      Details for your refference;

      - Shavlik Protect Standard 9.2.0 Build 5119

      shavlik.png

       

      Anyone know why it happens?

        • 1. Re: Scan a server using a Scan Template with a specific Patch Group
          cwinning CommunityTeam

          Hello,

           

          Is it possible you didn't include patches in the Patch Group that are installed or missing on the target?  Have you verified patches show missing or installed when using a Security Patch Scan template? Please do, then add one of the missing patches to the Patch Group and scan using the Patch Group again.  Does the newly added patch show missing?

           

          You should also verify you have the latest Windows Patch Definitions in Help > About.

           

          Thanks,

          Charles

          • 2. Re: Scan a server using a Scan Template with a specific Patch Group
            NA..ta Rookie

            Hello Charles

             

            I have already verified with Security Patch Scan template and see result as below;

            shavlik2.png

            I see there's some missing patches but they are only the latest patches;

             

            shavlik3.png

             

            The patches I'm trying to install with a patch group are old ones such as MS11, MS13, MS15 etc...

            Below is the capture of the group I created;

             

            shavlik4.png

            The patch definition looks like the latest.

            shavlik5.png

            • 3. Re: Scan a server using a Scan Template with a specific Patch Group
              cwinning CommunityTeam

              Hello,

               

              By default, our scan engine will only show you the latest applicable patch required on the system. Patch for Windows Servers uses complex detection to determine what is needed or already installed and provides you with a list of patches that are applicable on the system, this includes ignoring old patches that have been replaced by newer patches.  If a Security Patch Scan or a WUScan Template doesn't show patch as missing then: (possible causes)

               

              • The patch is replace by a newer patch and the latest applicable patch in the chain is missing.  Many of the patches on the list have been replaced by newer patches. There is no need to install the superseded patches if you install the latest in the chain.  To disable our supersedence logic, not recommended, go to Tools > Options > Patch and uncheck Use replacement patches.
              • The patch is already installed and shows Installed.
              • The latest patch in the chain is already installed and the previous patches are Effectively Installed.  You would need to create a custom Patch Scan Template and enable detection of Effectively Installed patches to see these patches.  This will often show old patches that may not be specifically installed, but are Effectively Installed due to newer patches in the chain be installed.
              • We don't support the patch. This is less likely.
              • There is a detection issue.  This is less likely with older patches.

               

              Knowing our product and how our detection works, I'm positive a Security Patch Scan using the latest data will show what is require on your target machines.

               

              Please let me know if you need me to elaborate.

               

              Best regards,

              Charles

              2 of 2 people found this helpful
              • 4. Re: Scan a server using a Scan Template with a specific Patch Group
                NA..ta Rookie

                Thanks Charles

                 

                I understand how this product works.

                I may proceed to deploy required patches using Security Patch Scan.

                 

                Thanks again for your support!