Re: patch management does not update the numbers for not pat - Page 2 - Micro Focus Community

fishoil · ‎2012-02-28

After depoying updates successfully, the patch management number does not change for not patched. the quantity should show 1 less and show that it has been patched

kjhurni · ‎2012-03-12

spond;2180942 wrote:
Kjhurni,

seems I may be guilty of not checking if behaviour has changed in
recent versions, it appears to be tunning DAU for me now, I need to
double-check, but I think it's good now

--

Shaun Pond

cool. So (since I have a dumb question):

How does one "know" if a DAU is running after? To be honest, the only way I "knew" it did it in the old version is that you could watch it fire up the dagent.exe and write to the log file and stuff.

shaunpond · ‎2012-03-13

Kjhurni,

ZCC > Device > relationships > Assigned bundles > "Discover
Applicable..." > status

--

Shaun Pond

shaunpond · ‎2012-03-18

Fishoil,

I have 11 vulnerabilities showing for that KB - what's the exact title
of the vulnerability you're looking for, please?

--

Shaun Pond

fishoil · ‎2012-03-22

seems that majority of the vulnerabilities are patched the issue is using patch management to deploy the updates. I have to re-cache the windows updates (already cached) then push out. After I see that the updated have been deployed and installed the patch and not patched numbers do not change

shaunpond · ‎2012-03-22

Fishoil,

now I am confused - all I want is the exact title of one of the
vulnerabilities...

--

Shaun Pond

fishoil · ‎2012-03-22

2552343 Update for Windows 7 for x64 (KB2552343)

shaunpond · ‎2012-03-23

Fishoil,

ah, this looks "interesting" - it looks for HKLM\SOFTWARE
\PatchLink.com\Discovery Agent\NativeScan\61BFE3EC-A1DC-4EAB-9481-
0D8FD7319AE8\767B417D-EEB3-4759-8FA2-D1418BE5E1B7,"isInstalled"="True"
It has a pre-requisite that checks to ensure that that key exists.
That key would be created during the analyze phase...

--

Shaun Pond

fishoil · ‎2012-03-23

once its deployed to the device?

shaunpond · ‎2012-03-23

Fishoil,

analyze will look on the system, and create that reg key, to determine
if the bundle applies - usually the patches just check filenames,
versions etc., but in this case it looks like it's more complicated

--

Shaun Pond

fishoil · ‎2012-03-23

spond;2184738 wrote:
Fishoil,

analyze will look on the system, and create that reg key, to determine
if the bundle applies - usually the patches just check filenames,
versions etc., but in this case it looks like it's more complicated

--

Shaun Pond

its not a particular update, patch management deploys the update succesfully but does not update the database to show the difference between patched and not patched.

spencapl · ‎2012-03-23

Hi Fishoil

I've had very similar issues, have you checked that patch nightly subscription routine is finishing. You can see this under ZCC in the configuration page and then the patch management section. I found this wasn't completing in our ZONE and thus seeing the same issue as you. Also depending on what version of 11 your running if 11.0 have you applied the patch 2 patches to the patch server itself (yep patches for patch :)) as this solved our issue of the patch subscription not completing each night.

Hope that makes sense and is some help.

fishoil · ‎2012-03-23

patch management has yet to find march updates KB2667402, KB2621440, KB2665364, KB2641653 but ZPM has found them

patch management does not update the numbers for not patched

Patch Management

Windows