Symantec Management Platform (Notification Server)


Vulnerabilities by Severity compliance report showing old patches suddenly missing

  • 1.  Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 13, 2015 11:23 AM

    After the last PMImport (evening of 11/10/2015), our compliance reports are showing a large count of devices missing some of the older patches (MS13-085, for example, is showing hundreds of devices missing this patch).

    I have a ticket open already for some other devices that show patches needed in compliance reports but not on the agent on the workstation. One of the things we did was implement patches for 'Windows update client', which we pushed weeks ago, without any change. But after the latest PMImport, the Vulnerabilities by Severity compliance report is totally out of whack.

    Does anyone have any idea on the best way to tackle this mess?



  • 2.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 17, 2015 06:43 AM
    I've just checked mine and it still looks OK. I'd approach this using small steps. Look at one patch on one PC first; is the report correct that it's missing? Then take it from there: you'll either need to look at reporting if the PC has the patch, or why it hasn't got it if it doesn't.


  • 3.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 17, 2015 11:42 AM

    That's the thing, none of the devices listed in the compliance report show that specific patch needed on the local agent. The standard vulnerability report is used without any modification at all. So, my question is, what should I be looking at specifically in regards to the report itself?



  • 4.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 18, 2015 06:02 AM
    Like I said, is the report correct that it's missing, is the patch actually needed on the local agent?


  • 5.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 19, 2015 02:35 PM

    No, the patch isn't needed. I even took one of the devices for testing and ran Windows updates to see if that patch is needed, but it wasn't.



  • 6.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 20, 2015 05:06 AM
    OK, look at Resource Manager from the console for that PC. Go to View > Inventory > Data Classes > Software Management > Patch Management > Applicable Windows Software Updates and see if the patch is listed there. That will tell you if it's the report or the data that's wrong.


  • 7.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 23, 2015 11:15 AM

    It looks like the data is wrong. The 'Applicable windows software update' under the 'current' list shows it there. So, I guess that data is incorrect. Any way for me to solve the issue or do I have to create a ticket?



  • 8.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 23, 2015 12:39 PM
    What is the date in the status tab for date last changed? When was the Patch Assessment last run on the PC according to the Symantec Agent on the PC? Is the update showing in "Installed Windows Software Update"? You should be able to find a KB article that will help you troubleshoot here: "Configuring & Troubleshooting Patch Management 7.5" http://www.symantec.com/docs/HOWTO95496


  • 9.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 23, 2015 01:47 PM

    Data Last Changed: 11/23/2015 9:15:27 AM CST
    Run time according to the agent: 11/23/2015 9:13:45 AM CST
    KB2760591 is not installed locally, nor does the local agent see it as needed. That the list shows it as x86 while the system is 64-bit is an additional thing that keeps me wondering.



  • 10.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 24, 2015 05:42 AM
    KB2760591 is an Office patch so the x86 version will be required if you have installed 32 bit Office. So "Applicable Windows Software Update" in Resource Manager for a PC shows KB2760591 and it's not in "Installed Windows Software Update" nor is it listed in the local Symantec Management Agent "Software Updates" tab? Check the GUID shown in the address bar of the Resource Manager window and compare it with the GUID shown in the local agent. Try deleting the Computer record from NS altogether and getting the Symantec Management Agent to send a Basic Inventory and recreate it - see if the problem persists.


  • 11.  RE: Vulnerabilities by Severity compliance report showing old patches suddenly missing

    Posted Nov 24, 2015 05:44 AM
    And try running KB2760591 manually on the PC.