I've switched this this recently introduced Scan and Analysis profile in software management, mainly due to the issues with Kaseya Update strategy- old patches resurfacing, patches not applying.....
All Machines have 3rd party license enabled and a deployment schedule is enabled.
The problem is that either no third party patching is occurring, or I have no visibility of it. If I manaully check machines, I'm not seeing software updating (Chrome 2 versions old, adobe reader a few versions behind ...)
I raised this issue at my last technical account review and was told this strategy only patches the OS- now that just doesn't make sense.
Is anyone else having issues with this, or perhaps just avoiding this approach?
Yes, I'm, looking at alternatives. I'd say that keeping 3rd party applications (and OS) patched is (probably significantly) more important than Antivirus.
So I need to start looking at the investment in patching solutions as on par with AV investment.
Do you have a support ticket open on this case? If so, please pm me with the details and I will assist.
Did you ever get it to work? I just moved to 9.5.1, and ll,earning that SM is a piece of work.
No, still not working. Not planning on renewing Software Management module this year.
This defect was resolved and will be a part of our 9.5.2 feature release.
I was told that no one else is having issues with SM, I'm not buying it. I discovered a bug with scans showing 50 - 60 missing patches only on my 2012 servers. Also noticed on my 2008 servers there is a 2gb cache file c:\programdata\task\lumension\lm.detection.cache, so it appears their SM uses the ivanti module (which has a lot of weird issues). I imagine Kaseya is at the mercy of Ivanti fixing their issues.
cjolesch it is correct software management utilizes ivanti backend for the binaries currently however the product issues can be separated between Software Management the module and Ivanti based on the binaries.
Windows 7 and Windows 2012 endpoints will display a larger amount of vulnerabilities due to the change with the Microsoft Strategy on those endpoints. We elevated our over-ride function in our next release to create custom rules based on Release date. This cleans up the vulnerabilities displayed for these older Operating systems.
Feel free to PM me to discuss Software Management and your feedback.
Have all the bandwidth issues been fixed yet in SM, or does it still take every bit available when scheduling more than 2 or 3 at the same time?
Tom Fehlberg what we had do end up doing for some low bandwidth sites was get Kaseya to setup peer-to-peer process for SM. We use SM for patching and it was absolutely killing the bandwidth at a couple of sites until they setup peer-to-peer. Now Only a few endpoints use external bandwidth, and all the other endpoints copy from them.
I was not directly involved in that project, so that's about all the details I have about it. I recommend contacting Kaseya to see if that's a viable setup for your scenario.
Good news regarding the fix for the 3rd Party patching as I have been waiting for this for a while. Hopefully not too long now.
I opened a support ticket (Request #1801911) as I was seeing regular errors on the console that would read "Failed to configure Windows Group Polices. See logs for details"
The response was as follows:-
Thank you for contacting Kaseya Support. My name is xxxxxxxx and I have been assigned to work with you on this request. and I would be more than happy to help you with this.
Can you please change the patch strategy to "Kaseya update" and let me know if you still see the issue?
We do not recommend using Only OS Updates in an environment where GPO is already used (e.g. through Active Directory) as this may conflict with the settings applied by Kaseya.
Once this "Only OS updates" profile is applied, updates will be managed entirely by Windows Update. Status of updates will not be reported in Kaseya.
We will not be able to see any errors if any occurred, i.e., If the OS Updates strategy is used, the VSA admin has no control over which patches are deployed or which updates to be rejected.
I hope this helps.
Will support be changing their stance any time soon otherwise I wil have no choice to revert if I cannot get any assitance when using this Patch Strategy if problems occur?
This is correct. We have corrected the behavior for this patch strategy. Now if this strategy is applied to an endpoint where GPO is also managing the settings - we have now added intelligence for SM to cease over-riding those settings and create a Windows Event.
Creating the Windows Event a user can leverage our monitoring module to monitor for this event log if it occurs.
Hi Oscar Romero is this Windows Event creation documented?
Can you please post the link to this documentation?
Does this is in effect mean it will supress the error "Failed to configure Windows Group Polices. See logs for details" I mentioned?
Do you have an eta at least for this side of the year?
Patrick van Strien
Yes the link will be made available once the release has been published. Please remember, this is for 9.5.2. feature release; this will be our next release.