Highlighted
Absent Member.. Absent Member..
Absent Member..
1354 views

Detecting installed Windows patches

Jump to solution

We're trying to use scanner-based inventory to find all installed software on a server, including the installed patches.  In the Mapping Options portion of the inventory activity setup, we have selected the Raw OS Installed Software option to gether the additional information, but the trick is finding a regular expression that will capture all installed Windows patches.

Microsoft has a habit of naming patches "Security this" and "Update that" or "Hotfix for the other thing" so I'm trying to figure out a way to tell UD to pick up anything where the name contains "KB" since the KB numbers are always included in the title of the patch.  I've tried a number of different regular expressions, but nothing has worked that pulls everything in.

I've attached our current settings that I thought might work, but they didn't get any of the Windows patches (just the patches for other Microsoft apps like .NET Framework).  Has anyone found a pattern that gets all Windows patches?

1 Solution

Accepted Solutions
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: Detecting installed Windows patches

Jump to solution

Please try the below in the Raw OS include

discovered_vendor=Microsoft*;name=(?i)update|hotfix|kb.*

 

In my very limited testing it returned only Microsoft updates

View solution in original post

5 Replies
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: Detecting installed Windows patches

Jump to solution

Please try the below in the Raw OS include

discovered_vendor=Microsoft*;name=(?i)update|hotfix|kb.*

 

In my very limited testing it returned only Microsoft updates

View solution in original post

Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Detecting installed Windows patches

Jump to solution

Thanks John.  This is getting me a lot closer, however it's still missing a few items that show up in Control Panel i the list of installed patches.  Oddly enough, even though 'security' is not mentioned in the regex and 'kb' is, it found all the Security Update patches but not the one whose name is just a KB number.

I'm still playing around with some other variations to learn what's possible and what's not.  If I get something that finds my whole list, I'll post it here.

0 Likes
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: Detecting installed Windows patches

Jump to solution

I looked in a scan file to try to determine why the KB only ones would not show up. What I found is that the KB only ones are patches and they don't have a discovered vendor associated with them.

This is a patch and does not show an attribute <hwOSInstalledAppPublisher>Scan_file_Windows_patch.png

This is an update and does have <hwOSInstalledAppPublisher>

Scan_file_Windows_update.png

 

0 Likes
Highlighted
Absent Member.. Absent Member..
Absent Member..

Re: Detecting installed Windows patches

Jump to solution

I found the same thing as well.  In the end, I spent half a day tracking down missing entries that aren't really missing after all.  The list of patches the OS shows is displaying titles that are different from what the UD scanner is identifying.  When I searched the returned data, I found all the missing entries under different names but referencing the same KB number.

0 Likes
Highlighted
Super Contributor.. Super Contributor..
Super Contributor..

Re: Detecting installed Windows patches

Jump to solution

Hello, did you alter the regex to impove any other inserted installed software? Is publisher field mandatory?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.