Video Screencast Help

Compliance report shows low compliance

Created: 25 Oct 2012 | 2 comments

Hi,

We are facing the following issue. Whether you run the Compliance by Bulletin or Compliance by Computer report, it shows 0% installed bulletins for all computers. Comparing to the last week report results something have changed because last week results look sensible.

To ilustrate what I mean here is the couple of the rows:

Now

 

 

Bulletin Vendor Severity Custom Severity Released Compliance Applicable Installed Vulnerable

 

 

 

MS11-094 Important Not Set 40890 0 2 0 2
MS11-085 Important Not Set 40855 0.065 31 2 29
MS11-070 Important Not Set 40799 0 4 0 4
MS11-061 Important Not Set 40764 0 2 0 2
MS11-056 Important Not Set 40736 0.005 192 1 191
Before              
MS11-094 Important Not Set 13/12/2011 50.00% 2 1 1
MS11-085 Important Not Set 08/11/2011 93.50% 31 29 2
MS11-070 Important Not Set 13/09/2011 100.00% 4 4 0
MS11-061 Important Not Set 09/08/2011 50.00% 2 1 1
MS11-056 Important Not Set 12/07/2011 100.00% 197 197 0

Any ideas ?

Thanks

Tomasz

Comments 2 CommentsJump to latest comment

Roman Vassiljev's picture

Hi Tomasz,

Did you performed any changes in your environment during last week?

Patch compliance reports are updated as soon as NS receives results of the latest System Assessment Scan executed on client.
According to your tables it looks like NS thinks that clients have reported to NS that most of updates are not currently installed, however the same clients had reported that these updates were actually installed last week.
Let’s try to investigate the reason of such behaviour using bulletin MS11-070 (it is marked as applicable on 4 machines - now it is shown as not installed on all of these 4 machines, last week ago it was detected as installed on all 4 machines)
Firstly we need to check results of Windows System Assessment Scan executed on client and compare results with compliance report.

Could you please provide us with the following files from any of 4 clients where MS11-070 is applicable:
- Go to directory "C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\" and attach 2 files: STPatchAssessment.log & STPatchAssessment.xml
- Go to directory "C:\Program Files\Altiris\/Altiris Agent\Agents\PatchMgmtAgent\" and attach file InstallLog.csv

Also please notify us in case if compliance report by bulletins is changed for MS11-070 comparing to results provided in your initial post.

Thanks,
Roman

Tomasz Wozniak's picture

Hi Roman,

Thank you for your suggestions.

First of all we are still using old good NS6.5 where assesment scan does not run.Secondly apparently magic happens from time to time. Today I run the same report again and almost all servers are back 100% compliant. I can't explain why it was low in first place and why it reverted to normal level.

Since our other 7 NS servers look ok, I am not going to spend more time what actually has happened on this one. In couple of months we should be on the new Ns7.1 platform already.

Thanks for your tips,

Tomasz