Hello. Can anyone help me understand why Skype keeps getting installed on my machine after i have uninstalled and denied the patch in patch management? Is it rolled into another update? Thanks
You can check the Config Changes log to see if the patch was scheduled for installation via Kaseya's Machine Update or Patch Update functions. These functions allow admins to bypass Patch Policy and install denied patches. You can also check the Agent Procedures log to see if the patch was installed as part of an Initial Update or Automatic Update function. If the patch is included as part of the install scripts for an Initial or Automatic Update, then that indicates the patch was approved in all patch policies assigned to the endpoint. Automatic and Initial update will ALWAYS follow patch policy, without exception. To determine any of the above, you would need to identify the patch KB number responsible. You can use the Patch Filter function to determine any patch whose title includes "Skype" to try to locate the patch, research Microsoft to find any patches that may be installing Skype, or try some Google searches to see if you get any hits. You can also check an online community, patchmanagement.org, for information. This site provides a listserv (and includes archived threads) about all-things-patch. It is heavily Microsoft, but also includes non-MS threads and is not specific to a single update/patch solution. Members come from all walks of life, all levels of experience and expertise, and are using a variety of patch solutions.
If Kaseya is not involved in the install, the patch may have been installed by downloading and executing the patch, bundled into another installer, or installed via the local Windows Update client. Kaseya recommends the Patch Management > Windows Auto Update function is set to Disabled to prevent the local Windows Update client from running regularly to install patches (and to disallow end users from using the client to install patches). Disabling the WU client does NOT prevent the user from installing all patches, just using the WU client to do so. Users can still download the patch directly from MS (if available) and/or install products through bundled installers, if that level of access is available to the end user.
You can also check %systemroot%\windowsupdate.log to check to see if the windows update agent, either directly OR through its .api, is responsible for the installation. To do this, you will need to determine the KB number and/or the update ID as the windowsupdate.log file is not completely straightforward and most entries refer only to Update ID (some install attempts will include KB number, but most entries do not). The Update ID can be found in Kaseya by clicking the hyperlinked KB number. The first two of the four sections in the Update ID section of the patch data-pop-up are what you will find in windowsupdate.log.