One of my tech's ran into this the other day, and I hadn't seen it previously. Many times I've seen where windows updates end up leaving multiple versions of one .exe on a machine. For example, internet explorer updates are famous for this. You'll have the current release under the program files directory and then you'll have all of the old ones that have ever been on the machine in the uninstall directories. This has always made it challenging to create views for specific application versions. However I recently ran across a completely different issue with this. We had a security vulnerability in an HP utility that we were working through updating. So we created a view for machines where the application version string was < the new version. This worked great initially. We ran the update script on everything that matched that view, then re-ran the latest audit and most of the machines dropped out of the view. However we had several that kept showing up. SO we looked things over and found that somewhere along the line for several of the machines, we had a backup copy of a directory structure that included that HP utility in it. So there were multiple versions of the HP utility on the machine. So ok no problem we delete the files from those directories, go back and re-run the latest audit again. The machines are *still* showing up in the view.
Looking at the installed applicaitons under the audit tab, the machines are still showing the old version of the app that we had removed. It looks like run the latest audit didn't remove "old" entries out of the list of installed applications, it only updated existing ones, and added new ones. So it was still showing entries for exe files that no longer existed on the machine.
We were able to get the list to completely reset by rerunning the "initial audit", but I'm wondering if this is a bug or is this how it's supposed to work?
This is definitely a problem for us. For us, support's answer has been to re-run all the audits which normally works but then rinse and repeat every couple months. The problem is, you don't know what agents aren't reporting audit data correctly, so do you just re-run the baseline audit every day?
I would love to hear how people are combating this (or if its just me?) because it really messes with the reliability of the views. Support has also said they are working on a better solution. I think that was a year or two ago.
Ah yes, this old chestnut :)
I've asked several times for the 'application' filter in views to incorporate a 'path' filter as well. Kaseya's database already maintains a table for executables *and their paths* so this really wouldn't be hard to implement.
Although this won't solve the issue of the audit inconsistencies it would at least allow us to create views that work the way we need them to.
I might raise this with them again, it was a while since I last brought it up.
Agreed, this is definitely a pain. Update us if you hear back from them Combo !