cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
brodiemac
Engaged Sweeper III
I got the email about the audit report for this provided by LANSweeper. I copied the code and ran the report but it is all wrong. It shows most of my environment being vulnerable but when researching the vulnerabilities and checking machines marked as vulnerable, they all had the required patches. Anyone else seeing this?
4 REPLIES 4
bginchereau
Engaged Sweeper
brodiemac wrote:
I got the email about the audit report for this provided by LANSweeper. I copied the code and ran the report but it is all wrong. It shows most of my environment being vulnerable but when researching the vulnerabilities and checking machines marked as vulnerable, they all had the required patches. Anyone else seeing this?


The search criteria for the report does not include the all inclusive patches that have been put out.

EX: Win 10 build 1709 - the report looks for KB4507455, but patch KB4507465 REPLACED the previous but still includes the fix. The report shows the machine as out of date due to not looking for the updated patch.

You could go back through the report code and add these new patches, but it would be a lot easier with an update report.
Esben_D
Lansweeper Employee
Lansweeper Employee
Have you checked whether the report lists assets with outdated data (look in the comments column)?
Might be best to just hit the rescan assets button in the report, just to be safe.

The data itself is taken from the Win32_QuickFixEngineering WMI class.

To check you can run get-wmiobject Win32_QuickFixEngineering in PowerShell
Lennart
Engaged Sweeper III
I'm getting several clients marked as missing KB4507453 regarding to the report.
But they are updated to max, and can´t find any more windows updates.
I´m not using WSUS.
Any ideas?
/BR Lennart
brodiemac
Engaged Sweeper III
So I'm guessing LANSweeper uses the Get-HotFix Powershell command to get the hotfix information as the result of that command matches what is listed for these computers. Since we are using WSUS, there are several that are not listed using this command. I found this article that explains an alternate method of listing hotfixes installed this way. How would I go about integrating this command into LANSweeper to list installed hotfixes from WSUS?