5 Replies Latest reply on May 23, 2017 6:30 AM by MrGadget

    What does it take to get a computer off the Affected Computers list

    MrGadget Expert

      I'm running LD 9.6 SP3

      I've pushed out a patch to nearly 700 computers but they still show on the affected computers list.

      I have the historical data running every hour. I tried running both a Patch and Compliance scan and inventory on a couple to see if they disappear but they are still listed.

        • 1. Re: What does it take to get a computer off the Affected Computers list
          Peter Massa Expert

          It depends on the patch's requirement for a reboot.

           

          If a patch does not require a reboot - it will drop off the list usually right away.

           

          If the patch requires a reboot - then it will require the reboot to occur and for the client to send a vulscan update confirming it is no longer vulnerable.

           

          If you want to run a report on systems that have the patch installed vs not - then use the inventory data and do a query that looks at the Detected Patch info and look at the install status, attempt, etc.  I would review a few systems and get familiar with the inventory data available there then create your query.  For currently installed status - usually "-1" = removed, 0 = not installed, 1 = installed.  For the actual installation attempt status, 0 = hasn't tried, 1 = failed, 2 = success.

           

          Hope this helps,

          Peter

          • 2. Re: What does it take to get a computer off the Affected Computers list
            phoffmann SupportEmployee

            YEP - Peter's answer has most of it.

             

            Essentially, the common situation is as follows:

             

            1 - Device shows up as vulnerable

            2 - Device gets patched. (Yay).

            3 - Device MAY (usually does) need 1+ reboot(s).

             

            4 - Device MAY need additional patches to be installed and further reboots. This may happen a few times, depending on the patch & so on.

             

            5 - After (4) has taken place, the device will need to re-scan against the vulnerabilities, to make sure it *IS* indeed patched. We do this automatically after a patch has been installed (but "stuff" - such as IIS - may go wrong and the results file may not make it to the Core).

             

            6 - Only once the Core has got the updated results (all saying that "yep - this is patched" hopefully) will the relevant device no longer be shown as vulnerable.

             

            Does this breakdown help you understand what happens / what needs to happen?

            • 3. Re: What does it take to get a computer off the Affected Computers list
              MrGadget Expert

              phoffmann, thanks for your reply. Yes, I understand what happens. It must be the reboot that was keeping computers from getting off the affected list because I didn't reboot mine till today and it is no longer listed.

              • 4. Re: What does it take to get a computer off the Affected Computers list
                carlos Expert

                Is there a way to know if certain machines are waiting for a reboot or if the reboot is required for a certain patch?

                • 5. Re: What does it take to get a computer off the Affected Computers list
                  MrGadget Expert

                  Carlos, I don't know of a way to tell. Maybe someone else can answer this question.
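
Added example (not from any poster in this thread and not vendor code): a triage pass over an exported inventory report that combines the status codes from reply 1 with the reboot/rescan sequence from reply 2 to separate devices that are probably only waiting on a reboot or rescan from those where the install failed or never ran. The CSV layout and column names are hypothetical and the rows are constructed sample data.

```python
import csv
import io
from collections import Counter

# Status codes as given in reply 1 (described there as "usually").
INSTALLED = {-1: "removed", 0: "not installed", 1: "installed"}
ATTEMPT = {0: "not attempted", 1: "failed", 2: "success"}

# Constructed sample export; column names are hypothetical, not the product's schema.
SAMPLE_CSV = """device,installed_status,attempt_status,on_affected_list
PC-001,1,2,no
PC-002,1,2,yes
PC-003,0,1,yes
PC-004,0,0,yes
PC-005,-1,2,yes
PC-006,0,2,yes
"""

def triage(row):
    """Classify one exported row into the next action an admin should take."""
    installed = int(row["installed_status"])
    attempt = int(row["attempt_status"])
    affected = row["on_affected_list"].strip().lower() == "yes"
    if installed not in INSTALLED or attempt not in ATTEMPT:
        return "unknown status code"
    if not affected:
        return "clear"
    if attempt == 2 and installed != -1:
        # Install reported success but the Core still lists the device:
        # per replies 1 and 2, a reboot and/or a fresh scan result is outstanding.
        return "reboot or rescan pending"
    if attempt == 1:
        return "install failed"
    if installed == -1:
        return "patch removed"
    return "not yet attempted"

def triage_export(text):
    """Map device name -> triage result for every row of the export."""
    return {r["device"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

def summarize(results):
    """Count devices per triage result."""
    return Counter(results.values())

if __name__ == "__main__":
    results = triage_export(SAMPLE_CSV)
    for device, state in results.items():
        print(f"{device}: {state}")
    print(dict(summarize(results)))
```

The "reboot or rescan pending" bucket is an inference from the two replies, not a status the product reports; devices in it are the ones to reboot and rescan before investigating further.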