Kaseya Community

Keeping track of Patch Management

  • Is the machine update the only way to go back and see if there were any updates downloaded from the previous automatic update schedule?

  • Johnathan,

    You can see the history in a few different places.  Patch Management > Machine History will provide a list of all patches that have been applied to the system, including the date of install.  If the patch was installed outside of Kaseya (ie., by Windows Automatic Updates), the date will usually appear as "date unknown" or something similar (depending on your version of the VSA.  If the patch was installed via Kaseya, then the date/time of the patch installation will be included.

    You can also check logs to see which patches were installed and when (Agent > Agent Logs).

    Configuration Changes log:  For patches scheduled via Automatic Update, the log will indicate the number of patches that were scheduled for installation, but not the actual patches that were scheduled (you can get that from the Agent Procedure Log).  For those patches scheduled via Machine Update or Patch Update, the Configuration Changes log will include the specific KB numbers of the patches that were scheduled

    Agent Procedures Log (or Script Log, depending on the version of the VSA):  This log includes every agent procedure that fires.  As the patching process is a string of various scripts (or procedures), you can review this log to determine exactly which patch script was executed.  Look for an entry similar to "Executed patch: <KB Number>".  There will be one script listed for each patch/KB installed during that patch cycle.  

    Finally, if your Patch Management > File Source is set to download patches directly from the internet to the endpoint, patches are installed via Automatic Update using the Windows Update Agent (Microsoft's patching utility, AKA "WUA") on the local machine.  WUA logs all of its actions to c:\windows\WindowsUpdate.log.  This log file can be a little cumbersome to read through, but all of WUA's activities, including installs will be logged in this file.  Note that if your file source is set to a LAN File Share or the system server, this log file will NOT contain installation attempts but will contain patch scan results.  

    I hope that helps.

    Thanks,

    Brande

  • I think we need a much better way to track this as we received a request on what patches were instaleld on a mchine on the weekend maintenance and it took me an hour to dig through everything to try and find the answer, which sadely enough in the end was nothing...but I couldn't actually tell without digging through everything,especialyl since the history tab in Patch managmeent isn't filterable or sortable so its mainly just useless...