3 Replies Latest reply on Jan 15, 2019 6:42 AM by phoffmann

    Discover servers not receiving updates

    CraigW Rookie

      Hi all,

       

      We recently discovered an issue where a number of servers were not receiving updates as a recommended update was blocking Windows Update from determining that there were critical patches available.


      Does anyone know of a way within Ivanti Endpoint Security to list servers that have not had updates applied within the past 'x' months?

       

      Regards,

      Craig

        • 1. Re: Discover servers not receiving updates
          phoffmann SupportEmployee

          So keep in mind the difference between "not applied" and "not rebooted" ... we / our vulnerability scanner does *NOT* view a device as "being patched" until it reboots (if the patch requires it, and most OS patches do). So you may want to check one of the boxes in question whether - upon rebooting & re-vulnerability scanning them - they show as being patched all of a sudden.

           

          Patching logs are part of the vulscan logs, so you can check those out on a few affected devices (to see whether it was ATTEMPTED to install patches or whatnot) ...

           

          There's a bunch of possible scenarios in which this stuff can happen - and what you're ACTUALLY dealing with.

           

          You COULD start (in terms of "basic list of suspects") just checking on "which server(s) are vulnerable to vulnerability X" (i.e. let's say November 2018's security update) or something else that "they should have installed". And then you can check from there.

           

          This is a case of needing to pin down what's (not) happening & going from there.

           

          <I'm also assuming that you're using our stuff to install patches. If - for some reason - you're using WSUS or Windows Update to install patches, then you can just check for "show me stuff that's vulnerable to something that should be installed" and go from there.>

           

          So yeah - a lot of "it depends" and "do some initial digging & go from there".

           

          Does this help you as an initial plan of actions?

           

          <Hint: Not super relevant here immediately, but it's always a good habit to post "I'm on version X update Y" as that can help with context & even a simple thing like "Well - you're about 6 months out of date, may want to check out a more recent patch on a dev server" for instance> .

          • 2. Re: Discover servers not receiving updates
            CraigW Rookie

            Thank you for your reply.

             

            We are using Ivanti for patching and we're on version 8.5.0.30.

             

            I'll take a few moments and see if I can explain the situation better.

             

            KB4132216 is a recommended patch for Server 2016 - it was missing on a number of systems, which prevented Windows Update on those systems from picking up recent critical patches. Given that Ivanti seems to rely on Windows Update to determine what patches are available / required, these servers were not getting patched. The servers weren't even showing newer patches as required - they didn't show up for those servers at all.

             

            I probably should note here that currently we're only doing critical patches, however that process may be changing as a result.

             

            The intention is to search Ivanti for clients that have not had any patches applied in the last 2-3 months to try and locate servers that are having similar issues. I have searched our servers for those missing the noted KB and we're working through them to bring them up to date, however it'd be nice to try and proactively search for other servers that are not being patched.

            • 3. Re: Discover servers not receiving updates
              phoffmann SupportEmployee

              Urm - are you *sure* you're talking about EPM (Endpoint Manager) version 8.5 here? Cos that would've been something in the region of 13 years old now (would've been "LANDesk Management Suite" then).

               

              Is it possible that you're talking about something different now (since "Ivanti" covers a rather large multitude of things)?

               

              To help with the right product / acronym, the following should help -- Ivanti Product Names & Acronyms .

               

              If this isn't about Endpoint Manager (which I assume to be the case), you may want to re-post your question in the relevant product category of the community. In the unlikely case of this BEING about a 13 year old version of the management suite / EPM ... you'd need to upgrade something fast (and I'm pretty sure LDMS 8.5 wouldn't even know about Windows 7... never mind something newer).