2 Replies Latest reply on Oct 23, 2014 12:01 PM by steve.molander

    LANDesk Patch and Compliance missing patches?

    steve.molander Apprentice

      After an internal vulnerability assessment, it was found that we were missing several patches on a majority of endpoints. When checking the endpoints, we found LANDesk reported them to be fully compliant (clean). As a check, we ran Windows Updates and found up to 12 missing patches. When we run Windows Updates, the patches are downloaded and installed, so it does not seem like these are ghost items.

       

      In checking to see if we had simply turned off scanning for these vulnerabilities, I searched the "All Items" folder for the KB numbers of the missing patches. In every case the patch was not found. I would have assumed that if the patch was superseded or replaced, it would have still shown up on the "All Items" list.

       

      Examples of the "missing patches" would be KB2979578, KB2972216, and KB2972107. There are more if anyone needs additional examples.

       

      Why are these vulnerabilities not being found by LANDesk? This is critical, as my only other option is to turn on WUS for a period to catch up on all missing patches, which I would rather not do.

       

      Thank you.

       

      LANDesk 9.5 SP2

        • 1. Re: LANDesk Patch and Compliance missing patches?
          jhackett SupportEmployee

          Steve,

          LANDESK handles patching in a different way than Microsoft does. Microsoft typically only looks at registry keys to detect if a patch has been installed. We have a dedicated team that takes the information from Microsoft about the actual files that cause the vulnerability and writes a custom detection to find them. If you have those files, then we install the patch; if not, we won't install the patch just for the sake of installing it.

           

          Also, you are searching by KB number in LANDESK; you need to be searching by bulletin number. For example, KB2979578 falls under MS14-057, so search for that. If there isn't a corresponding bulletin number, just search the number portion of the KB, i.e. 2979578.

           

          Also, I have seen the same thing with the Nessus Scanner. It was only detecting that the patch wasn't installed by a registry key, but the vulnerable files weren't present on the system, which is why LANDESK doesn't show the system needing the patch.

           

          If you would like a more in-depth explanation, please contact support.

           

          Thanks

          1 of 1 people found this helpful
          • 2. Re: LANDesk Patch and Compliance missing patches?
            steve.molander Apprentice

            Thank you. We are planning on verifying the findings using our internal Nessus scans. My challenge is I now have an audit department that is questioning our ability to fully scan to policy. Your answer makes sense. I'll let you know what we find with the follow-up scans. Thank you.
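
A simplified model of the two detection approaches described in the support reply above (install-record check versus file-based check), added here as an illustration for reconciling scanner disagreements; it is not LANDESK's or Nessus's detection logic. The KB numbers are the ones quoted in the thread, while every file path, version and host record is a constructed placeholder.

```python
# Added illustration; every file path, version and host record below is constructed.

def parse_version(text):
    """Turn '6.1.7601.100' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.split("."))

def registry_detect(kb, installed_kbs):
    """Install-record check: 'missing' unless the KB is recorded as installed."""
    return "patched" if kb in installed_kbs else "missing"

def file_detect(rule, files):
    """File-based check: flag only when an affected file exists below its fixed version."""
    present = [f for f in rule if f["path"] in files]
    if not present:
        return "not_applicable"   # vulnerable component is not on this host
    outdated = any(parse_version(files[f["path"]]) < parse_version(f["fixed"])
                   for f in present)
    return "missing" if outdated else "patched"

def reconcile(rules, host):
    """Compare both methods per KB and label each result for audit triage."""
    report = {}
    for kb, rule in rules.items():
        reg = registry_detect(kb, host["installed_kbs"])
        fil = file_detect(rule, host["files"])
        if reg == fil:
            verdict = "agree"
        elif reg == "missing" and fil == "not_applicable":
            verdict = "record-only finding: affected files absent"
        else:
            verdict = "investigate"
        report[kb] = (reg, fil, verdict)
    return report

# Hypothetical detection rules keyed by the KB numbers quoted in the thread.
RULES = {
    "KB2979578": [{"path": r"C:\placeholder\component_a.dll", "fixed": "1.0.0.20"}],
    "KB2972216": [{"path": r"C:\placeholder\component_b.dll", "fixed": "2.5.0.7"}],
    "KB2972107": [{"path": r"C:\placeholder\component_c.dll", "fixed": "4.0.1.0"}],
}
# Constructed host inventory: component_a is not installed at all.
HOST = {
    "installed_kbs": {"KB2972107"},
    "files": {r"C:\placeholder\component_b.dll": "2.5.0.3",
              r"C:\placeholder\component_c.dll": "4.0.1.0"},
}

if __name__ == "__main__":
    for kb, row in sorted(reconcile(RULES, HOST).items()):
        print(kb, *row, sep=" | ")
```

Rows labelled "record-only finding" are the ones where the two methods disagree for the reason given in the reply; recording the file evidence for each gives an audit trail for the discrepancy.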