Patch Detection Quality Control

I'd love to understand how landesk puts together the detection on landesk patches.

We are seeing many inaccurate detections that are being caught by our nessus scanner

i believe these should have changed for everyone as it was refreshed after a new download.

------------- This is the info i sent to support to have them change a few detections.

From my Server 2012 x64 bit machines, this seems to be missing:

http://support.microsoft.com/kb/2973501

Nessus Results:

- C:\Windows\system32\mstscax.dll has not been patched

    Remote version : 6.2.9200.16794

    Should be      : 6.2.9200.17048

  Missing KBs :

    2973501

I don’t see any pre-reqs for KB2973501 and I don’t see it applied to numerous machines. Why the pre-req check?

Scan log:

Current Definition ID: 2973501_MSU

Checking vulnerability 2973501_MSU, rule index 0 ('Windows8-RT-KB2973501-x64.MSU')

Running detection script

The prerequisite doesn't meet(KB2871997,KB2973351), exit the Scan process.

Vul 2973501_MSU, patch index 0  -----------------------  took 4447 ms

VUL: '2973501_MSU' (windows8-rt-kb2973501-x64.msu) not detected.  File/OS version(s) verified

From my 2008 R2 machines x64 bit, this seems to be missing:

Nessus Results:

- C:\Windows\system32\mstscax.dll has not been patched

    Remote version : 6.2.9200.16398

    Should be      : 6.2.9200.17053

  Missing KBs :

    2984976

http://support.microsoft.com/kb/2984976

http://support.microsoft.com/kb/2984972

http://support.microsoft.com/kb/2592687

http://support.microsoft.com/kb/2574819

2984976 -> Pre-req (2984972, 2592687 ( pre-req (2574819) )  -- From the KBs

Where are the additional pre-reqs coming from?

Scan Log:

Current Definition ID: 2984976_MSU

Checking vulnerability 2984976_MSU, rule index 0 ('Windows6.1-KB2984976-x64.Msu')

Running detection script

The prerequisite doesn't meet(KB2871997,KB2973351,KB2984972,KB2574819,KB2592687), exit the Scan process.

Vul 2984976_MSU, patch index 0 ----------------------- took 24625 ms

VUL: '2984976_MSU' (windows6.1-kb2984976-x64.msu) not detected. File/OS version(s) verified

Patch is NOT installed

Checking vulnerability 2984976_MSU, rule index 1 ('Windows6.1-KB2984976-x86.msU')

No affected platforms were found.

---

Support fixed the patch (assumption: i'm still applying it) for 2012 servers, but 2008 R2 is still incorrect.

Then another look turned out the sub patch had a patch detection error.

My next email ----

The 2008 R2 still don’t pick up.  It looks like I’m missing 2984972

2984976 -> Pre-req (2984972, 2592687 ( pre-req (2574819) )  -- From the KBs

http://support.microsoft.com/kb/2984972

According to your script for that patch 2984972_MSU:

if not(KB2871997 and KB2973351) then

   log "The prerequisite doesn't meet(KB2871997,KB2973351), exit the Scan process."

   Exit Sub

Why, the KB doesn’t mention any pre-reqs.

---

waiting to hear back on this one now.