Patch Definitions with Detect in the name

Version 3

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.xEndpoint Manager 2018.x

    Problem

    Patches are being detected as Vulnerable but there is no associated patch to download and remediate

     

    Example of Affected patch(s):

    MS18-06-W10-4284880

     

    Solution

    Ivanti has released a DETECT_ONLY definition that will show it is vulnerable on the applicable systems. Being a detect only definition is informational only and cannot be used to repair the system. In order to repair the system there are prerequisites that must me met before attempting to repair the  DETECT_ONLY definition. The prerequisite can usually be found in the properties of the DETECT_ONLY definition in the description. Once the prerequisite has been met the standard definition will be offered.

     

    Ensure that the prerequisite has been met.

     

    In our example If KB4132216 has been installed then we will detect MS18-06-W10-4284880 as missing, if KB4132216 is not installed we will detect MS18-06-W10-4284880_DETECT as missing so you know the vulnerability is present but it cannot be remediated  until the prerequisite is met.

    Detect.PNG