Has anyone had any success making a helpful report for Software Management? I am having issues creating a report that simply shows failed patches. The built-in "Failed Patches" report part appears to be broken.
I also noticed that the number of vulnerabilities shown in the "Current Vulnerabilities" report part differs from the number of vulnerabilities shown in the Software Management module. Fun!
My issue is Out of Compliance number is stating on 15% in compliance but when check scan and deploy schedules and individual machines, they are not out of compliance...
I am still having this issue even after the recent patch, anyone else having similar results with Compliance reporting being completely inacurate.
I have a test machine that is always on, never misses a scan or deployment schedule, and i have compliance checks run daily. And it still states 0% in compliance.
I am having the same issues with vulnerabilities and compliance numbers seeming not accurate.
SM is basically junk, and the .26 patch has done nothing to improve it. The idea is good but the module just doesn't work. A quick poke around the sql back end shows fundamental flaws in the design, and changes in design (top 10 reports only return top 5) that haven't been addressed.
The mess that is the sql shows why the reports are broken.
Also the documentation hasn't been updated for .26 so there's options there not documented as to what they actually do or how to use them. That's pretty poor form.
We have report packs via our automation exchange you can add to your server. Software Management is missing some reporting functions which I feel are crucial to our users. This is already been prioritized and will be released in an update.
I respectfully disagree with your assessment on software management and our .26 release.
We definitely do have a lot of work scheduled to improve software management in many aspects to improve resiliency and user experience.
In .26 we introduced Native Window Control via software management to extend reach and management capabilities along with a few fixes.
They are all referenced in the release notes and documentation.
I clicked on the reset button on the top right hand corner to the right of "View" and it apparently reset and I can now see all of my machines. The reset button was out of view, but I didn't have any views set or machine groups selected, so I still don't know where it was filtered.
the 'configure operating system update' patch strategy is not documented. It may perhaps be obvious, but never the less it is omitted from help.kaseya.com/.../9050000
There is no explanation of the %machines in/out of compliance dashboard chart - as in what parameters determine if a machine is 'in' or 'out' of compliance.Nowhere in VSA UI can you see the names of the machines that aren't complaint or determine why their compliance status is what it is. You can generate a report on compliance however not seeing this in the UI is pretty difficult to manage.
Speaking of this, i have a machine with vulnerabilities shown as 0, pending patches blank and nothing reporting under pending actions or errors, yet the out of compliance report lists this machine with the error "vulnerabilities flagged but not deployed". The out of compliance date is from 8 months ago. clearly the report is picking up on old data.
if you change the machine group whilst viewing the 'dashboard' screen, you receive a 'no records selected' message.
The dashboard displays third party vulnerabilities [e.g. safari, ms office] even if settings -> 'ignore third party patches' is selected. I understand that components that ship with the OS e.g. safari are not classed as third party, but ms office certainly is a not "part of the OS". Did Kaseya mean to say 'not patched by the built-in OS update mechanism' as opposed to the phrase 'third party'.... i.e. if widows update patches it (ms office, sql, exchange, etc...) then it's included in scans?
Once a machine is marked as having an error (red triangle ! icon) under machines - pending actions column, the error remains even if the error is subsequently resolved e.g. the trigger is a patch failing to install, but that patch later installs successfully....hence, the machine is no longer in an error condition but the red ! triangle is not removed.
There is no obvious mechanism to, globally un-approve an approved patch. This is critical since sometimes patches turn out to be bad and need to be revoked. The process requires a patch override profile to be created, then applied to all machines. The patch itself is still approved, but the override takes precedence and blocks patches. It's horribly awkward to work with.
These are just a few of the frustrations with SM we see that make it unusable.
In digging a little further, most agents have a LastCompliancecheckDate of NULL in the SQL table [SM].[Machine]
This implies compliance checks are not running at all. i have verified that in VSA the settings dialog shows compliance checks as scheduled every day at 6am. I know the agents are online at this time.
If compliance checks are not running, this would explain a lot about why reports are wrong. How do compliance checks actually run and how can we verify this ???
I just can't trust it. At all. I am at the point where I just hope machines are getting patched. he entire module is broken. Reporting does not work. Scanning does not work. The reboot process is hopelessly broken. That stupid reminder message is one of the worst implementations I have ever seen. Kaseya's suggestions to us was to either 1) have pop up more often or b) take it away entirely. We chose B, because or clients were complaining. I have a solution, how about, when the agent first start, clear the "need reboot" flag. Because if the agent is just starting, chances are pretty good the machine just rebooted.
I have 1 machine that shows 529 vulnerabilities. All over 6 months and some are 10 year old patches. They all show error, but I can't find the reason. And most are things not expected to find on a Windows 10 machine, System Center, Forefront, etc.
We uer Autotask as our PSA. We will be going to a single vendor solution soon. We were heavily leaning towards going to BMS. But now, we are heavily leaning to let our Kaseya contract expire and go to Datto RMM. It cam't be worse.
I agree! We are strongly considering another product. I have spent WAY TOO MUCH time trying to get this to work right when it should be close to a "set it and forget it".
Oscar Romero, what is Kaseya's plan on this?