Jump to content

How does Operating System Update task work?


j-gray
 Share

Recommended Posts

I only found basic documentation on this task...

How does it work across Windows and OS X systems and what is it doing exactly?

For Windows, it gives a choice for 'optional updates'. Does this mean it's applying Critical and Recommended updates by default? If there is a WSUS policy will this task respect that policy or override it?

For OS X is it attempting to install All updates, or only Recommended updates? Since there's no reboot option for OS X, will it not install updates that require a reboot, similar to the Windows option?

I ran the update task on my Mac; I can see that the task completed but have no idea what happened --were there no updates available? Did it install any updates? How can I tell the results of the update task?

Finally, what is the purpose of the EULA option? Neither OS X nor Windows present any kind of EULA for system updates that I'm aware of.

Any info would be helpful.

Link to comment
Share on other sites

  • ESET Staff

Windows: technically "install optional updates" parameter has direct impact on search filter used to list updates that will be performed. In case installing of optional updates is not enabled, search uses criteria BrowseOnly=0 (see list of supported filters: https://msdn.microsoft.com/en-us/library/windows/desktop/aa386526(v=vs.85).aspx). Regarding EULA, not sure how is EULA presented to user, but there are updates (or were in history) which we were not able to install silently without consent of user. This checkbox is there to automatically accept and install those updates, if present. More information can be found in respective documentation (https://msdn.microsoft.com/en-us/library/windows/desktop/aa386886(v=vs.85).aspx). In case you do not enable accepting EULA in task parameter, updates requiring EULA acceptance will be skipped.

macOS: this is technically different: not all settings from task are applied, as task parameters were mostly tailed for windows. On macOS, updates are installed using command:

/usr/sbin/softwareupdate --install --all

There was a discusion on this forum whether we could distinguish optional/security updates, but it seems macOS does not provide such information. There is only "recommended" flag but it mostly marks all updates, including system updates and updates of applications.

Linux: as on macOS, all updates are installed, regardless of task parameters. For this purpose, various package managers are checked so that most of distributions is covered.

 

Unfortunately you are right that there is no easy way how to check what was going on. Only output for user is that once system update is finished, up-to-date state of system is re-checked, so that user will immediately see whether it updated system, or nothing changed.

Link to comment
Share on other sites

Thanks for the reply and clarification. This is helpful.

One other question; what triggers the ESET check for system updates?

I have OS X systems that are flagged as 'Operating system not up to date' with a date occurred from sometime last month. I've run the update task, then run the softwareupdate -l command to verify there were no more updates available. But a day later they still show 'Operating system not up to date' with the same 'date occurred' from last month. They are connected and checking in regularly. They are not flagged with a 'restart recommended' and don't have errors or warnings otherwise.

Is there a way in ERA to force an update check or how does one clear the update warning when the system is actually up to date?

Thanks again.

Link to comment
Share on other sites

12 hours ago, MartinK said:

Only output for user is that once system update is finished, up-to-date state of system is re-checked, so that user will immediately see whether it updated system, or nothing changed.

I've waited several hours after running updates and re-verified no updates are available using the 'softwareupate -l' command.

OS status still has not changed in ERA and shows out of date. Systems are still connected and are replicating successfully every 15 minutes.

Why does the update status not reflect correctly?

Also wondering if OS X has a flag for 'restart recommended' or if this is only for Windows in ERA console?

Edited by j-gray
Link to comment
Share on other sites

  • ESET Staff

Thanks for reporting. I have made quick investigation and there seems to be multiple issues with implementation of this task on macOS:

  • my statement that up-to-date status is checked after execution of update task was not correct ... it does not work that way on macOS -> BUG. Other platforms should work fine.
  • regardless of checks made after execution of update task, up-to-date state of system is checked regurarly with various intervals depending on platform. Unforutnatelly on macOS, interval is very long (24 hours) and what is even worse, seems that check is performed not after startup -> this technically means that AGENT has to be running more than 24 hours to report up-t-date state correctly - I am correct If I think that problematic computer is not running during night? Interval will be decreased, as it seems check is not using many resources.

Post-upgrade restarting is not available for macOS. We will have to investigate whether system provides us enough information, so that we are sure restart is required before doing so.

Link to comment
Share on other sites

27 minutes ago, MartinK said:

I am correct If I think that problematic computer is not running during night?

This varies from location to location. I'll check tomorrow and see how things look.  Would be great if the devs would tweak this so it's closer to real-time information.

And if I understand correctly, "A computer restart is recommended" flag does not apply to OS X clients specifically for OS updates, correct?

Thanks again.

Link to comment
Share on other sites

System updates were performed around 11:00am yesterday and the systems rebooted at 03:00 this a.m. When I checked the console around 08:00am today they all showed as up-to-date.

So either the check is performed at startup, or the check is performed within less than 24-hours.

Again, would be great if this check could happen more frequently to provide closer to real-time results.

Link to comment
Share on other sites

No matter what i do or how I attempt to configure this no updates are installed .

It basically does nothing and says it has completed successfully, i even tested watching a machine live that had pending updates.

Tested on latest ERA and EES product version on Windows 7/8/10 x32/x64.

How do i get it working?

Link to comment
Share on other sites

  • ESET Staff
16 hours ago, j-gray said:

Again, would be great if this check could happen more frequently to provide closer to real-time results.

Changes are ready for upcoming major release. Checks will be made every few minutes after startup, every 4 hours and after successful execution of system update task.

Link to comment
Share on other sites

  • ESET Staff
16 hours ago, Dylan said:

No matter what i do or how I attempt to configure this no updates are installed .

It basically does nothing and says it has completed successfully, i even tested watching a machine live that had pending updates.

Tested on latest ERA and EES product version on Windows 7/8/10 x32/x64.

How do i get it working?

Have you enabled "Automatically accept EULA" in task configuration (see documentation)? Or you are using context menu to update specific device? If I recall correctly, update task created by context menu is missing this configuration, which may have resulted in this behavior.

Could you also provide list of updates that are being ignored on client machine? We are currently tracking issues with major updates of Windows 10, which seems to be not properly executed by ERA (i.e. ignored...), but you listed even older systems.

Link to comment
Share on other sites

On 2/10/2018 at 2:49 AM, MartinK said:

Changes are ready for upcoming major release. Checks will be made every few minutes after startup, every 4 hours and after successful execution of system update task.

Perfect.

Any info on the the reboot flag? Will OS X be flagged if reboot is required due to pending system updates, similar to Windows?

Thanks again for the info and clarifications.

Link to comment
Share on other sites

On 2/10/2018 at 6:52 AM, MartinK said:

Have you enabled "Automatically accept EULA" in task configuration (see documentation)? Or you are using context menu to update specific device? If I recall correctly, update task created by context menu is missing this configuration, which may have resulted in this behavior.

Could you also provide list of updates that are being ignored on client machine? We are currently tracking issues with major updates of Windows 10, which seems to be not properly executed by ERA (i.e. ignored...), but you listed even older systems.

Yes that option was selected when i created the task separately and then i did task trigger to apply immediately the task to multiple computers. Is there another way to go about it?

On all affected machines all are updates regardless of optional or not are not being installed.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...