2 Replies Latest reply on Nov 17, 2009 10:20 AM by carend

    Vulnerability Reports Based on Group of PCs

    zeetwoeight Apprentice

      I have a custom group with about 40 devices in it (and growing weekly) that I need to get vulnerability data on.  I can use the built-in "Detected Vulnerabilities by Computer" but I have to select each individual device which will be a time consuming task (and prone to error by possibly missing systems in the group).  Is there a way to create a Detected Vulnerabilities by Group report?  Does anyone know how to see the logic behind the Detected Vulnerabilities by Computer report?  Maybe I could create a custom report based on that with slight modifications.

       

      Any info would be appreciated.

       

      Thanks

        • 1. Re: Vulnerability Reports Based on Group of PCs
          Rookie

          I'd like to know the same.


          Thanks,

          Steve

          • 2. Re: Vulnerability Reports Based on Group of PCs
            Master

            To answer your first question about choosing a group instead of a single computer; with the current standard reports there is not an option to change/modify as it is hard coded. This is updated in 9.0 and you will be able to edit standard reports.

            For your second question as to the logic behind the report you could look at the following to create a query / report.

            Description
            Query or Report on Patch Information to find information for Specific Patch Failures or Vulnerabilities

            Part 1: Why do multiple values show up in the inventory data?

            Multiple values show under inventory for a patch when you have multiple “Detection Rules”.

            We will use vulnerability 894391 as an example.

            Below you will notice that there are 5 detection rules associated with vulnerability 894391.
            [Image: 1.JPG]
            If we look under inventory of a machine that has vulnerability 894391 you will see detected listed twice and patch install succeeded listed twice. If you refer back to the Detection Rules you will see two rules for Windows XP machines. The below inventory is of a Windows XP machine. It is showing a value for each rule detection.
            [Image: 2.JPG]

            Part 2: What are the best inventory values to query to determine if a specific patch has been installed successfully or not?

            Definitions:

            Patch Install Succeeded: This information will populate if the LANDesk Security and Patch Manager was used to install the patch.

            Patch Currently Installed: This information will populate if the patch is installed without the use of Security and Patch Manager.

            Detected: This information will populate if the machine is found vulnerable and does not have a specific patch installed. (Note: If Detected shows a value of 1, meaning it is vulnerable, and Patch Install Succeeded is showing a value of 2, meaning the patch was successfully installed, then the machine needs to be rebooted so the vulnerability will update to 0.)

            A query to find what computers are detected as vulnerable because the Patch Install Failed would be the following:

            Computer.Security and Patch Definitions.Vulnerability ID Like 894391
            AND Computer.Security and Patch Definitions.Detected = 1

            Add Columns:
            Detected
            Vulnerability ID
            Patch Install Successfully

            If any items show a 2 for Patch Installed Successfully and a 1 for Detected then the machine just needs a reboot.


            LANDesk Security and Patch Manager Codes:

            0 - Download failure. Client was unable to download the patch from the patch storage directory.
            1 - Install failure. Client downloaded the patch successfully, but the patch was not installed successfully.
            2 - Install success. Downloaded and installed the patch successfully.

            LANDesk 8.5 and later
            3 - Download failure on uninstall.
            4 - Uninstall downloaded successfully, but uninstall failed.
            5 - Uninstall completed successfully.
            6 - Spyware Repair Failed
            7 - Spyware Repair Succeeded
            8 - Realtime Spyware Repair Failed
            9 - Realtime Spyware Repair Succeeded

            LANDesk 8.7 and later
            10 - Virus Repair Failed
            11 - Virus Repair Succeeded
            12 - Virus Quarantine Failed
            13 - Virus Quarantine Succeeded
            14 - Virus Suspicious Quarantine Failed
            15 - Virus Suspicious Quarantine Succeeded
            16 - Virus Suspicious No Action Taken
            17 - Virus Realtime Repair Failed
            18 - Virus Realtime Repair Succeeded
            19 - Virus Realtime Quarantine Failed
            20 - Virus Realtime Quarantine Succeeded
            21 - Virus Realtime Suspicious Quarantine Failed
            22 - Virus Realtime Suspicious Quarantine Succeeded
            23 - Application Block Failed
            24 - Application Block Succeeded
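
An added example, not part of the thread and not LANDesk code: it applies the rules from the reply above (one row per detection rule, and Detected = 1 together with install code 2 meaning a pending reboot) to a CSV export of the query, restricted to a group's device list. The CSV column names, the device names and the group membership are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions. One row per
# detection rule, so a device can appear more than once per vulnerability.
SAMPLE_CSV = """Device Name,Vulnerability ID,Detected,Patch Install Succeeded
XP-001,894391,1,2
XP-001,894391,0,2
XP-002,894391,1,1
XP-003,894391,1,0
XP-004,894391,0,2
XP-005,894391,1,
SRV-009,894391,1,1
"""

# Constructed membership of the custom group; XP-006 is absent from the export.
GROUP = {"XP-001", "XP-002", "XP-003", "XP-004", "XP-005", "XP-006"}

# Install codes 0-2 as listed in the post above.
INSTALL_CODES = {0: "download failure", 1: "install failure", 2: "install success"}


def classify(csv_text, group, vuln_id):
    """Collapse per-rule rows into one state per device in the group."""
    detected = defaultdict(bool)
    codes = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Device Name"]
        if name not in group or row["Vulnerability ID"] != vuln_id:
            continue
        detected[name] |= row["Detected"].strip() == "1"
        code = (row["Patch Install Succeeded"] or "").strip()
        if code:
            codes[name].add(int(code))
    report = {}
    for name in sorted(group):
        if name not in detected:
            report[name] = "no data"  # group member missing from the export
        elif not detected[name]:
            report[name] = "not detected"
        elif 2 in codes[name]:
            report[name] = "needs reboot"  # Detected = 1 with install code 2
        elif codes[name]:
            report[name] = INSTALL_CODES.get(min(codes[name]), "other code")
        else:
            report[name] = "detected, no install attempt"
    return report
```

Iterating over the group list rather than over the export is what surfaces devices that returned no rows at all, the "missing systems" concern raised in the original question.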