9 Replies Latest reply on Mar 15, 2018 12:01 PM by anthony.swanson

    Missing security patches

    dharmatma Rookie

      Howdy,

      We use Ivanti Protect for our servers, and have done so for 3 years (or more). Separately, we use AlienVault to monitor systems for breaches and vulnerabilities, etc. AlienVault is showing a variety of missing security patches for a number of the servers getting patched via Ivanti.

      We are not using a remote agent for said servers.

      Patches are installed monthly and for most servers, are auto deployed after download with forced reboot.

      Our Ivanti is the latest version.

      Some of the patches shown as missing in AlienVault are recent, e.g., 2 or 3 months old.

      I use WUScan (canned) as the scan template.

      What am I missing? How is it that important security patches are not showing up in the scans to begin with?

      Thanks.

        • 1. Re: Missing security patches
          anthony.swanson SupportEmployee

          Hello,

          Thank you for your post. Can you check to make sure your XML definitions are up-to-date? To do this, go to Help > Refresh Files. Once this is done, go to Help > About and make sure that your Windows Patch Definitions versions show at the latest version of 2.0.2.4677.

          Once you've done that, rescan your machines and see if you're seeing the latest updates.

          Let me know how that goes.

          Thank you,

          Anthony

          • 2. Re: Missing security patches
            dharmatma Rookie

            Hi, thanks for the speedy reply. I did do that. Still seeing the same 6 patches (only) missing. I thought that files refreshed automatically. I have auto update definitions checked.

            I did see this https://community.shavlik.com/thread/451100 and wonder if that's why I'm not seeing the patches shown by AV as missing.

            Does the length of time I keep results (in database maintenance) affect the patch scan results?

            • 3. Re: Missing security patches
              dharmatma Rookie

              PS: When I isolate a server's missing patch in the Patches view, I see the servers the patch is on but not the server(s) missing it.

              • 4. Re: Missing security patches
                anthony.swanson SupportEmployee

                Hello,

                I'm not sure if you've tried this, but try closing and reopening your console. Sometimes this is necessary to force the database to refresh. Once you've done that, rescan your machines again and see if you're still not finding the latest patches.

                I would also go to View > Patches and see if you're able to see the latest patches, similar to the screenshot below.

                Thank you,

                Anthony

                • 5. Re: Missing security patches
                  dharmatma Rookie

                  The console is not open all the time, meaning it gets refreshed regularly. I do see the latest patches in patch view.

                  The missing patches identified are a couple of years old--and we were using Shavlik then I'm certain.

                  I have not made an exhaustive comparison of the missing patches AlienVault sees and what my console tells me.

                  So my next question is: the default WUScan and Security scans should identify any missing patches, no matter how old? Or is there some setting that only checks for recent patches? (I do have "use replacement patches" checked.)

                  And how would I apply the missing patch to the server(s) involved if it's not showing up in the scan? I've created a patch group for that server and am unclear as to my next step.

                  Thank you.

                  • 6. Re: Missing security patches
                    anthony.swanson SupportEmployee

                    Hello,

                    My recommendation at this point would be to open a support case here and request a callback on that case. We can always jump on a Webex and take a look at what is happening in your environment.

                    Thank you,

                    Anthony

                    • 7. Re: Missing security patches
                      dharmatma Rookie

                      Will do, thanks.

                      • 8. Re: Missing security patches
                        dharmatma Rookie

                        One more quick question: I am seeing that MS patches released 3/13 are not downloaded. My understanding is that Ivanti tests patches before pushing them out to the Protect system. Is that correct? If so, what is the "usual" lag time between Microsoft issuing a patch and customers being able to download them/apply them to systems? (We prefer to wait just because of MS history of patches breaking stuff.)

                        Thanks.

                        • 9. Re: Missing security patches
                          anthony.swanson SupportEmployee

                          Hello,

                          We don't actively test every patch prior to release. We really focus on building our deployment and detection logic when patches are released. Generally, when it comes to Microsoft patches, we will have them released in an XML update on Patch Tuesday evening.

                          Thank you,

                          Anthony