charlesr 0 Posted May 11, 2023 Share Posted May 11, 2023 I know that sometime last year, 2022, when version 9 came out ESET changed something in regards to how the ERA/Protect console detects when computers need or don't need updates. I think it was something about changing the severity of the alert from warning to informative. I would like to know how I can access those alerts and perhaps use a dynamic group to put all the workstations needing windows updates into a group I can keep track of. The windows update detection was a good way of having feedback to know when workstations were being updated and when they were not and I would really like that functionality back in some form. Either by ESET making it available again, or at the least if there is someway I can do it from my end with dynamics groups or something. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted May 11, 2023 Administrators Share Posted May 11, 2023 Nothing has changed in recent years with regard to reporting OS updates either by the security product or the management agent itself: Link to comment Share on other sites More sharing options...
charlesr 0 Posted May 11, 2023 Author Share Posted May 11, 2023 I have those settings, but I remember reading a thread somewhere, where the severity has been changed from warning to informative and the workstations no longer show up as yellow alerts anymore. And in general when I go into machines I know are out of date, Im not getting any status on the OS being out of date. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted May 11, 2023 Administrators Share Posted May 11, 2023 6 minutes ago, charlesr said: And in general when I go into machines I know are out of date, Im not getting any status on the OS being out of date. Even if you select optional updates? Link to comment Share on other sites More sharing options...
charlesr 0 Posted May 11, 2023 Author Share Posted May 11, 2023 37 minutes ago, Marcos said: Even if you select optional updates? Yes. I have a feeling you're about to tell me there are other issues at play. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted May 11, 2023 Administrators Share Posted May 11, 2023 Couldn't it be that you get updates from a WSUS server? Or you get them from standard Microsoft servers? Link to comment Share on other sites More sharing options...
charlesr 0 Posted May 11, 2023 Author Share Posted May 11, 2023 (edited) we do use a WSUS server now but we were having this issue before that which is why we decided to provision a WSUS server role on one of our VMs Also the ERA/ESET Protect appliance is on a linux VM on the same network. Edited May 11, 2023 by charlesr Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted May 11, 2023 Administrators Share Posted May 11, 2023 ESET checks Windows updates against a list provided by Microsoft, not against your WSUS server. This is why it may report some update missing while Windows reports no updates available. Link to comment Share on other sites More sharing options...
charlesr 0 Posted May 11, 2023 Author Share Posted May 11, 2023 7 minutes ago, Marcos said: ESET checks Windows updates against a list provided by Microsoft, not against your WSUS server. This is why it may report some update missing while Windows reports no updates available. Actually I'm glad that ESET doesn't follow what my WSUS server says, because that's kind of the root of the problem, which is my WSUS isn't pushing out all the updates. (probably because I haven't configured it right) So I often have to tell my workstations to check Microsoft update to get the missing updates. What I want is for ESET to say "Hey these computers needs updating" as per microsoft, so I can address those workstations, figure out what updates my WSUS server isn't pushing out and tweak it till it does. then after solving that short term problem, also use ESET to make it easy for me to readily identify what workstations need updates when they do. (Ideally the list will shrink to zero on it's own during patch day. But at the least if there is an issue, I know what workstations need attention, so I don't have to firm wide check every pc on the floor just to find the ones that are having issues.) Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted May 11, 2023 Administrators Share Posted May 11, 2023 It is not clear to me what the issue is. I've tried it myself and it seems to work just fine: Also a dynamic group with computers with missing OS updates is populated: Link to comment Share on other sites More sharing options...
charlesr 0 Posted May 11, 2023 Author Share Posted May 11, 2023 (edited) My issue is, I dont get any of that, none of my outdated computers turn yellow, nor show up in the dynamic group under "Computers with outdated operating systems" When I was researching the issue I found this thread: Where Quote internally this been reported by others and its been explained that "This is because we report missing OS updates with informative severity as of v9. Beforehand they were reported with warning severity even if only optional updates were available. "There is an internal conversation regarding changing this and I will submit a market requirement on your behalf to add weight to this conversation. However, please be aware that any changes that are made (if made) will not be added until version 10 of server security. I don't know who this person was quoting from, but if the severity was lowered from warning to informative, I'm assuming that means the computers won't turn yellow anymore nor would the dynamic group work since it wouldn't be reported as a "functionality problem" that the template listens for. and I'm also assuming this change would extend to the endpoint product as well. If that isn't the case I apologize for the misunderstanding, and in that case, need to find out why my computers aren't turning yellow or showing up in the dynamic group. Edited May 11, 2023 by charlesr Link to comment Share on other sites More sharing options...
Tomasz Trynkowski 9 Posted June 1, 2023 Share Posted June 1, 2023 "Computer with outdated operating system" is a completely different issue. It doesn't tell you if there are updates to be installed on that computer. It tells you that you are using an old operating system version (i.e. Windows 7). Those warnings indeed seem to have been disabled (and good riddance, tbh), but the ones for updates in the queue (the ones you want) are still there. Link to comment Share on other sites More sharing options...
Solution charlesr 0 Posted June 1, 2023 Author Solution Share Posted June 1, 2023 2 hours ago, Tomasz Trynkowski said: "Computer with outdated operating system" is a completely different issue. It doesn't tell you if there are updates to be installed on that computer. It tells you that you are using an old operating system version (i.e. Windows 7). Those warnings indeed seem to have been disabled (and good riddance, tbh), but the ones for updates in the queue (the ones you want) are still there. Ok figured out what the issue was, it seems under the default policy for our anti-virus, under settings, user interface, user interface elements and under the "Configure license-related application statuses", which itself is odd because all the application statuses are in here not just license related ones. The "Windows Updates available" checkboxes were unchecked, specifically the 'Send' one that shows the notifications in the console. I am not sure if this was unchecked by an update or probably someone trying to fix an earlier issue, not placing blame, but once I checked it, I was able to get the workstations that were needing windows updates to show back up in yellow again. So there you go, guess it was the result of a little tinkering. Link to comment Share on other sites More sharing options...
Recommended Posts