Patch Management Solution

Hi,

I have a computer that appears to be missing KB3070738 (part of MS15-069).  MBSA 2.3 and Windows Update both report that the patch is required however Symantec Patch Management does not seem to think it is needed.  Looking at the "Windows Compliance by Computer" report I can see that is is NOT in the list of "Applicable Updates" for this computer, however KB3067903 (which is also part of MS15-069) is listed and flagged as installed (verified by looking at the agent log).

I looked at some of the file versions listed in KB3070738 and they are definitely older versions on the computer.  Also, if I look at the report "Windows Compliance by Update" I can see that it is being detected as required on other computers.

Does anyone have any advice on how I can begin to determine why this patch is not being detected as required by SPM on this one particular computer?

Thanks for any help.

When was the last time the Windows System Assessment Scan has run on that computer?

Hi HighTower,

I have checked the agent log and can see it ran again this morning.  Is there a better place to look for this information?

Here are a few places to gather more data from the patch agent itself:

This shows a history of installation attempts and their disposition
C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent\InstallLog.csv

This is the SWD location of the executables and policy templates that the Windows System Assessment Scan uses and then reports to the Management Server
C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache

(If that is not the correct path in your system search the computer for location of "AeXPatchAssessment.exe"

Do you only have one computer that's failing to install this update or are there others?

Thanks for the information - I knew about the InstallLog.csv file, this is where I looked first, but the STPatchAssessment.log is new to me.

Looking at the "Windows Compliance by Update" report I see there are 48 applicable, 31 Installed and 17 Not installed computers for "Windows6.1-KB3070738-x64.msu".  The computer in question does not appear in the list of applicable computers for this update.

Searching for MS15-069 in STPatchAssessment.log I found the following entry:

2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:610 Testing 'MS15-069'.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:707 Bulletin 'MS15-069', filecount = 4, regcount = 1.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1273 File 'C:\Windows\system32\CEWMDM.DLL' error: 0.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1276 File C:\Windows\system32\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.23075 (AC 5).
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1273 File 'C:\Windows\system32\CEWMDM.DLL' error: 0.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1276 File C:\Windows\system32\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.18872 (AC 5).
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1290 Is *A* FileChange
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1273 File 'C:\Windows\SysWOW64\CEWMDM.DLL' error: 0.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1276 File C:\Windows\SysWOW64\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.23075 (AC 5).
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1273 File 'C:\Windows\SysWOW64\CEWMDM.DLL' error: 0.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1276 File C:\Windows\SysWOW64\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.18872 (AC 5).
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1290 Is *A* FileChange
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:735 A file was tested.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1470 Key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB3067903~31bf3856ad364e35~amd64~~6.1.1.0'.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1628 Reg passed.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:610 Testing 'MS15-069'.
2015-08-12T11:00:38.4348423Z 06d0 E DynamicProductDetection.cpp:2177 *** Error *** in COMPARE. Could not find VarName1 'CurrentState'. Detection of this product may be in error as a result.
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:1113 Return[DOES NOT APPLY] Message[]
2015-08-12T11:00:38.4348423Z 06d0 V PatchTest.cpp:653 NOT testing 'MS15-069' - patch script said it did not apply.

The file tested, CEWMDM.DLL, is a component of the patch for KB3067903, but I'm not sure if the other patches are tested for some reason.  Updates listed for MS15-069 are:

Windows6.1-KB3067903-x64.msu
Windows6.1-KB3067903-x86.msu
Windows6.1-KB3070738-x64.msu
Windows8.1-KB3061512-x64.msu

I'm not sure if this update is failing to install on any other computers at the moment.

For what it's worth this is what mine shows yet Windows Update does not detect the patch as being not installed.

2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:610 Testing 'MS15-069'.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:707 Bulletin 'MS15-069', filecount = 4, regcount = 1.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1273 File 'C:\Windows\system32\CEWMDM.DLL' error: 0.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1276 File C:\Windows\system32\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.23075 (AC 5).
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1273 File 'C:\Windows\system32\CEWMDM.DLL' error: 0.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1276 File C:\Windows\system32\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.18872 (AC 5).
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1290 Is *A* FileChange
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1273 File 'C:\Windows\SysWOW64\CEWMDM.DLL' error: 0.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1276 File C:\Windows\SysWOW64\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.23075 (AC 5).
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1273 File 'C:\Windows\SysWOW64\CEWMDM.DLL' error: 0.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1276 File C:\Windows\SysWOW64\CEWMDM.DLL (12.0.7601.18872)  C 2 12.0.7601.18872 (AC 5).
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1290 Is *A* FileChange
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:735 A file was tested.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1470 Key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Package_for_KB3067903~31bf3856ad364e35~amd64~~6.1.1.0'.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1628 Reg passed.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:610 Testing 'MS15-069'.
2015-08-12T14:26:33.6293384Z 2f24 E DynamicProductDetection.cpp:2177 *** Error *** in COMPARE. Could not find VarName1 'CurrentState'. Detection of this product may be in error as a result.
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:1113 Return[DOES NOT APPLY] Message[]
2015-08-12T14:26:33.6293384Z 2f24 V PatchTest.cpp:653 NOT testing 'MS15-069' - patch script said it did not apply.

Perhaps if you delete the .xml files from the cache folder and then them redownload?  Otherwise I'll probably want to defer to Joshua or someone else from Support on this.

Thanks for your time on this HT.

OK, I stopped the Management Agent then backed up and deleted the .xml files in the cache.  I restarted the Mangement Agent and the .xml files were recreated/downloaded.  I manualy ran "AeXPatchAssessment.exe" from an elevated command prompt then checked the resulting STPatchAssessment.log but I see the results are the same.

At the moment I have left the computer running "sfc /scannow", so I'll check the results of that when I get back to the office tomorrow.

It seems that "sfc /scannow" found no problems, so I'm a little stuck at the moment how to proceed.  Any further help will be greatly appreciated.

https://support.microsoft.com/en-us/kb/3070738

Prerequisites

OK, I can see that SP1 is installed as is 2830477.

I tried the installation of KB3070738 manually and it completed successfully.  Tomorrow if I get chance I uninstall KB3070738, reinstall the agent and see what happens.

Thanks again for your help.