Patch Management Solution

 View Only
  • 1.  Altiris 7.1.2 deployed patches reported as missing by MBSA

    Posted Jun 23, 2015 02:14 PM

    Greetings;

    My test PC's are reporting they are missing critical patches through Microsoft Baseline Security Analyzer that my Altiris console lists as having the same patches installed.  This may not be an issue with the system and may be more of a understanding deficiency on my part.  Any advice on why this could be happening would be greatly appreciated as I need to be able to trust that what Altiris is telling me as patched...  IS actually patched.

    As an example, MS15-044 is one that MBSA says is needed on my windows 7, office 2007 test PC's.  When I get details from MBSA, it states KB2883029 is missing.  But when I run a Compliance by Computer report, and choose "view installed updates" on the target PC, I see that both KB3048070 and KB2881073 (both from MS15-044) are applied.  No mention of KB2883029 being deployed to the machine, which makes sense so far.  But when I check my policy, KB2883029 is indeed part of MS15-044 and is enabled to deploy.  I don't understand why Altiris seems to have delivered only a partial set of patches for what the workstation needs (According to MBSA).

    In addition, please let me mention MS15-011.  Altiris reports that it's deployed to the same machine and references KB3000483.  MSBA however, reports this as a missing critical update.  To take it a step further, I ran "WMIC qfe" and exported the list to a text file.  KB3000483 is listed there as installed by NT Authority.  Which unfortunately just adds to my confusion.

    What piece of the puzzle am I missing? Any advice would be greatly appreciated.

    Thanks in advance for your time.

    - Michael Babb

     



  • 2.  RE: Altiris 7.1.2 deployed patches reported as missing by MBSA
    Best Answer

    Trusted Advisor
    Posted Jun 24, 2015 01:28 PM

    I would start by going to the KB article on Microsoft's site and looking at the list of the files that are updated in one of those given patches.  Then take a look at your target machine to see if those files are at that version or higher.  If the file is up to date then it's a matter of understanding why MBSA isn't detecting properly or why the update didn't register itself in the registry (or wherever MBSA is gathering its information from).



  • 3.  RE: Altiris 7.1.2 deployed patches reported as missing by MBSA

    Posted Jun 24, 2015 03:57 PM

    Thanks for the response Hightower...

    Just got off the phone with Symantec support.  It's been labeled a MBSA reporting issue where I was advised to lookout for newer versions of MBSA from Microsoft that hopefully won't report false positives.

    Thanks again for your time!

    - Michael Babb