KB#:  KKB001000

As many know, Microsoft's patch KB2823324 has created issues with Kaspersky.  There are several forum posts regarding this issue available for review:



The patch has been pulled from the Microsoft catalog, but many endpoints may have already installed this patch.  Due to the way Kaseya retains information about installed patches, when this patch is uninstalled from the system, it may still report as installed within Kaseya.  Therefore, a view searching for endpoints that have this patch installed will return results of machines where the patch may have already been manually removed. 

A Kaseya community member has posted a custom Agent Procedure that can be used in conjunction with a custom View to identify endpoints that have this patch installed.  This article contains the steps necessary to import the custom procedure and create the view.

  1. Download the custom Agent Procedure here:  http://community.kaseya.com/resources/m/knowexch/84575.aspx
  2. Within the VSA, navigate to Agent Procedures > Schedule/Create
  3. Select the folder into which you would like to import the procedure
  4. Click the Import Folder/Procedure button near the top of the page
  5. Using the upload tool, point to the location of the downloaded procedure
  6. Click the Save button.  You should see a procedure called "KB2823324 Detection" listed within the folder you selected in step 3.
  7. Near the top of the page, click the New button to create a new view
  8. Select the Last execution status option under the Agent Procedure section of the view configuration and set the radio button to "failed"
  9. Click the hyperlink "select agent procedure".  In the pop-up window that appears, locate and select the Agent Procedure "KB2823324 Detection".  The View configuration should look like:
  10. Save the view with a unique name
Run the KB2823324 Detection procedure on all endpoints where the patch may have been installed.  Once the procedure completes, set the View filter to the custom view created.  The procedure should FAIL if the KB is PRESENT on the system.  Therefore, any endpoint returned in this view should have run the procedure AND the procedure should have failed.  These are endpoints that have the patch installed and may need to be addressed.