1 Reply Latest reply on Jul 5, 2018 7:38 AM by Eric.Cuthill

    Reporting on patch status

    Patch5000 Rookie

      Looking to the community for help. I have Shavlik running on all of my workstations. As a Manager I want to know at any time what my patch compliance rate is (e.g. the % of computers that are fully patched based on my baseline). From what I've heard, workstations must be on for Shavlik to perform a scan to collect that information. The issue is, if a computer is not on my network then they won't be scanned even though they do receive the patches. So I have computers where I never know if they have been patched or not. There must be some way for the agent to report the status without a computer being scanned while on a company network. How are all of you getting accurate information on the patch compliance of your patching?

        • 1. Re: Reporting on patch status
          Eric.Cuthill SupportEmployee

          Patch5000,

           

          To have the most accurate reporting would require a few things The first is that you will need to have the agent machines that are not onsite use a policy that allows for a sync with the protect cloud. Part of that requires that your console be setup to sync with the protect cloud. That will allow you agents to report their results to the cloud that acts as a relay and your console will pull that sync information periodically to stay up to date. The next thing is that you would want to have a daily scan (agent policy with a new daily scan only task, and agentless for local machines without a policy) of all your machines this is to ensure that the most recent scan before any reporting is what is being reported on. You will be able to monitor and see if any machines have not scanned recently in the environment no matter how they are scanned (agent or agentless) in view machines and reviewing the last patch scan date column. Once this is done you can use the normal reporting process to create your needed reports as needed.

           

          Even with all the above we can only report on the results we have collected so if a machine or group of machines are not scanning or reporting back tot he console for one reason or another the results will not be accurate. This is why monitoring machines that are not scanning is important. There are other tools that you can use to give a picture of the data we have in the database but this again will only be as good as the information we can collect from the machines in the environment. Please let me know if this has completely answered your question or if you have specific questions about any of the items mentioned. I have also included documentation below about the protect cloud and how it works along with how to setup and troubleshoot issues with the agents.

           

          Protect Cloud Overview - FAQ
          https://community.shavlik.com/docs/DOC-23836

           

          How To: Install and Use a Protect Cloud Agent
          https://community.shavlik.com/docs/DOC-23805

           

          Protect Cloud Agent Information and Troubleshooting
          https://community.shavlik.com/docs/DOC-24292

           

          Eric