Hi KACE users,

Has anyone been getting incorrect "Detect" results after a "Detect and Deploy" ?

Last night I ran a "Detect and Deploy" on some servers. 


I did not use any Patch Label. I checked the default "All Patches" as shown below:


Detect

All Patches
Deploy
All Patches


We subscribe to these patches: 

Publishers:

Adobe Systems, Inc, Google Inc., 7-Zip.org, TechSmith, WinZip Computing Inc, Microsoft Corp., Skype, TeamViewer, Wireshark Foundation, WinZip Computing, S.L., UltraVNC, Evernote Corporation, RealVNC Ltd.

They all got fully patched.

I then ran a Detect "All Patches" on the same servers this morning.

They all show 10 patches missing shown below:

SERVERB54xx.xx.xx.xxcompletedPatched: 257, Not Patched: 10, Detect Failures: 0

I have a ticket open with KACE but am curious if any of you have the similar issues.


Thank.

3 Comments   [ + ] Show Comments

Comments

  • The appliance may not yet have downloaded the required patches for the 2nd patch cycle. Check to see that the file size for the required patches is now greater than 0 and deploy the patches again.
    • Thank you napiert. All patches that show missing show "Active" but size is 0. What baffles me is that why are these patches showing "Active" but are not in the kbox. Also the missing patches are from 2013. When I run a manual MS update on these servers, they show fully patched per MS. MBSA shows them as fully patched too. I have an open ticket with KACE but no success.
  • MBSA should be telling the truth... Maybe those 10 patches are superseded or included in a Monthly Roll-up...
    If you open the device's details, you should be able to see what patches are not installed, and looking for them in the catalog, see if they are superseded
    • The 10 patches are not superseded. They show active and 0 in size. KACE tech advised to change patch download settings from "download active patches" to "download all subscribed patches." Subscribed patches are being downloaded for the past 6 hours. I am not sure if this was the right thing to do. I've been asking for Tier 3 support but no success.
      • I would rather activate manually those 10 patches using the radio button...
        What bugs me is MBSA, I mean...I use that one to determine if KACE is lying.. for example K1 says everything is fine, I use MBSA to confirm if that is true, not the other way around...

        If a patch is active, but not being downloaded to the KBOX (file size 0KB), that probably means it does not match your subscription or patch download settings.
  • Hi Channeler, Thank you for your time ;). KACE Tech ran a detect and deploy on 1 server with default "All Patches". It showed fully patched. Then he ran a Detect on the same server with default "All Patches". It came with Not Patched 10. He said he will push this up to Management. Should hear back today. Will post the solution.
Please log in to comment

Answers

This content is currently hidden from public view.
Reason: Removed by member request
For more information, visit our FAQ's.

0
Upon moving this issue to a TPS, we finally found the problem.

Our Anti Virus software Cylance is configured to block "c:\Windows\temp". 
KACE Detect uses the c:\Windows\temp where the information is cached.

If "c:\Windows\temp" is not blocked by AV, then Detect reports correctly.

Thank you all.

Answered 06/13/2017 by: endlessknot
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity