Kaseya Community

Patch management issues - missing patches

  • Having some issues with a new machine we just put in - it's not detecting missing patches. This is roughly since SP3 showed up on K, but may have nothing to do with it.

    Here's the deal. We have K through a hosted vendor. All of our machines that are in the same group are fine - they show 100+ patches installed on each machine. These are all XP SP2 right now. New machine went in, and it showed only needing 20 or so patches. Figured maybe it needed those and then would find more, so we ran those patches, rebooted, and rescanned for patches. Didn't find any more. So this machine sits with 30-some patches installed, and it doesn't show it needing any more.

    We went to the Microsoft Update site and it found 76 patches needed (That's more like it.)

    We rescanned for patches in K and checked the WindowsUpdate.log file on the machine. It also shows it needs 76 patches at the time we ran the K scan.

    Any ideas? We haven't manually patched this machine yet, but we do need to get it into production NOW. Was just hoping to troubleshoot before it goes live and we're forced to manually patch.

    Legacy Forum Name: Patch management issues - missing patches,
    Legacy Posted By Username: DiPersiaTech
  • Did you check your patch approval policies?

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: rwitt
  • Good thought, but it's a hosted system. They have the system set to allow all patches for all machines and it's not a setting we can change.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: DiPersiaTech
  • I recall a while back there was a similar post in this forum about that, but I can't seem to find it now. The cause ended up being that the scan logs either weren't written out, or were retaining old data. They just needed to be deleted and then the K agent re-created them. I would open a ticket with your Kaseya vendor; they'll be able to tell you where the scan results for each scanner are stored and how to rectify the issue.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: arobar
  • You might search the knowledgebase if you haven't already. Maybe a Kaseya rep will respond with a link to the appropriate article?

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: rwitt
  • Got my answer from Kaseya after they spent time looking at the workstation and trying to figure out why the patch numbers were incorrect -

    In working with one of our developers, it was advised the reason for the large gap of patches between the Kaseya scan and the Microsoft scan is as follows:

    When we use the Kaseya Update Scan, many patches are being pruned out by the Kaseya Update Scan as superseded by SP3 as SP3 is now available. If you go to Windows Update, it will tell you that you need to install SP3 first, but if you decline, it will include the superseded patches that the Kaseya Update Scan pruned out.


    That is a poor answer. What if we just want to do a few patches instead of patching EVERY machine to SP3 at a given time? Ever heard of slowly rolling out patches instead of just assuming SP3 has no bugs and forcing us to roll it out if we want to continue patching? That's just stupid. I even ASKED if the issue was related to SP3 when I initially opened the ticket; no one knew the answer though.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: DiPersiaTech
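
The supersedence pruning described in the Kaseya reply above, as an added Python example that is not part of the original thread and not Kaseya's code. The update ids and the supersedence catalogue are constructed placeholders, and the scanner is modelled under the assumption that it hides any applicable update replaced, directly or through a chain, by another applicable update.

```python
# Constructed supersedence catalogue: update id -> ids it directly replaces.
# All ids are placeholders, not real KB numbers.
SUPERSEDES = {
    "SP3": {"KB-0001", "KB-0002", "KB-0003"},
    "KB-0003": {"KB-0004"},  # chain: SP3 -> KB-0003 -> KB-0004
}

def superseded_by(update, catalogue):
    """Every update replaced by `update`, following chains transitively."""
    seen, stack = set(), list(catalogue.get(update, ()))
    while stack:
        cur = stack.pop()
        if cur not in seen:  # the seen-set also guards against cyclic metadata
            seen.add(cur)
            stack.extend(catalogue.get(cur, ()))
    return seen

def pruned_scan(applicable, catalogue):
    """Assumed scanner model: hide anything a still-applicable update replaces."""
    applicable = set(applicable)
    hidden = set()
    for update in applicable:
        hidden |= superseded_by(update, catalogue) & applicable
    return applicable - hidden

def explain_gap(applicable, catalogue):
    """Return (pruned list, {hidden update: applicable updates that replace it})."""
    applicable = set(applicable)
    pruned = pruned_scan(applicable, catalogue)
    reasons = {
        hidden: sorted(u for u in applicable if hidden in superseded_by(u, catalogue))
        for hidden in sorted(applicable - pruned)
    }
    return pruned, reasons

# Constructed scan input: what the OS update agent reports as applicable.
APPLICABLE = {"SP3", "KB-0001", "KB-0002", "KB-0004", "KB-0005"}

if __name__ == "__main__":
    pruned, reasons = explain_gap(APPLICABLE, SUPERSEDES)
    print("pruned scan reports:", sorted(pruned))
    for hidden, by in reasons.items():
        print(f"  {hidden} hidden, superseded by {', '.join(by)}")
    # Holding SP3 back (staged rollout) makes the older patches reappear.
    print("with SP3 declined:", sorted(pruned_scan(APPLICABLE - {"SP3"}, SUPERSEDES)))
```

Run against real scan exports, the `reasons` mapping shows whether the whole gap between two scanners is accounted for by supersedence or whether some updates are missing for another reason.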