Kaseya Community

Old patches keep appearing in Patch Management

  • Each week I check Patch Management to approve/deny patches. Sometimes there are little to none and sometimes there are ridiculous amounts like 250 critical updates. The dates on them range all the way back to 2002 or such. Does anyone have any idea why these are coming back? Also I noticed Service Packs like XP SP3 and Vista SP1 keep returning and some have different dates. It just makes multiple copies in my denied/approved section.

    Legacy Forum Name: Old patches keep appearing in Patch Management,
    Legacy Posted By Username: stephen.mccollum
  • This is the reply I got back from support when I asked them the very same question:

    Author: yovani.linares
    Date: 18:14:50 15-Jul-08
    Hello,

    The patch policy notifications are most likely due to a new machine being scanned and the patches from the legacy scan made active and therefore added to the patch approval policies. This could also occur if a machine had its scheduled patch scan cancelled and then rescheduled. That action would force a legacy patch scan to occur followed by the newer WUA patch scan.

    The patch approval policies include only active patches. Active patches are those patches that are currently reported by at least one Agent in the entire system. Once that patch is no longer reported by at least one Agent, it is marked inactive and removed from all patch approval policies.

    When a machine is initially scanned, the legacy scan engine is used and patches in the legacy patch database are reported. Assuming the machine meets the requirements for the WUA scan engine, a WUA patch scan is automatically scheduled about five minutes after the initial legacy patch scan. When processing the first WUA patch scan results, the legacy patch scan results are deleted and are replaced by the WUA patch scan results.

    The above scenario would have resulted in the patches from the legacy patch database being added to the patch policies resulting in the notification received. After processing the WUA patch scan results, the legacy patches would have been marked inactive and removed from the policies.

    Looking at the list of patches reported, we are convinced that this is the case because all patches reported are older patches and do not include any newer patches that would not be included"


    Now, the only thing that I'm certain of is that at no time has the change taken "5 minutes". It has taken anywhere from 24 hours to a week, with no real consistency seen, nothing that correlates in the system log, etc etc...


    Anyone else have any experience with this?

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: agagner
  • We saw it and had to have a Kaseya developer on our system to clean out a patch approval policy that was linked to a deleted collection.

    Michael

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: RCS-Michael
  • I will see what they can do to log in and help me. Kaseya support is very hard to get to respond. I heard something about Microsoft messing up on one of their update databases causing patches to redeploy in WSUS. Wonder if it has done the same here.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: stephen.mccollum