Kaseya Community

Kaseya Patch Status when Windows Updates broken

  • Hello to all. trying to put together some puzzle pieces here...

    We recently experienced an issue with a two computers for a client, which got infected with some bad spyware. During the troubleshooting work, my Engineer found that Windows Updates was not working.

    Kaseya showed that the machine was Fully Patched, per the patch policy. Yet, my Engineer said that he found it was missing patches (other than those Denied per the Patch Policy).

    His suspected that, if Windows Updates is broken on a machine, that Kaseya Patch status will not be updated properly.

    I was wondering what you think Kaseya would report, if the following was true
    - at one point, machine was Fully Patched, per the patch policy.
    - later, Windows Updates becomes broken
    - later, new patches are Approved

    What would Kaseya show at this time?

    Lloyd

    Legacy Forum Name: Kaseya Patch Status when Windows Updates broken,
    Legacy Posted By Username: lwolf
  • Kaseya uses the Windows Update Agent (WUA) as its primary data source to perform a patch scan. This is a Windows service which is also used by the Windows Update application. If this service is broken then Windows Update will fail, but Kaseya will scan using an alternate method - an offline data file (wsusscn2.cab) which is downloaded by the VSA server from Microsoft every 12 hours. The offline data file only includes critical and security updates, not optional updates such as service packs, software updates etc.

    So if Windows Update is broken because WUA is broken, Kaseya will still detect security and critical updates but not optional updates. It would not affect approval policies, although optional updates would no longer be reported (they would go back to their previous state when detected again).

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: dwalsh
  • Thanks very much Dominic.

    Lloyd

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: lwolf
  • Does this mean we can go ahead and disable the WUA service?

    Not sure how I'd want to approach this yet, but it could be an option to explore.

    Legacy Forum Name: Patch Management,
    Legacy Posted By Username: chris@busy.co.nz