I'd like to restore the Windows update detection functionality.


Solved by charlesr

I know that sometime last year, 2022, when version 9 came out, ESET changed something with regard to how the ERA/Protect console detects when computers need or don't need updates. I think it was something about changing the severity of the alert from warning to informative.

I would like to know how I can access those alerts and perhaps use a dynamic group to put all the workstations needing Windows updates into a group I can keep track of.

The Windows update detection was a good way of having feedback to know when workstations were being updated and when they were not, and I would really like that functionality back in some form, either by ESET making it available again, or at the least if there is some way I can do it from my end with dynamic groups or something.

  • Administrators

Nothing has changed in recent years with regard to reporting OS updates either by the security product

image.png

or the management agent itself:

image.png

I have those settings, but I remember reading a thread somewhere, where the severity has been changed from warning to informative and the workstations no longer show up as yellow alerts anymore.

 

And in general when I go into machines I know are out of date, I'm not getting any status on the OS being out of date.

  • Administrators
6 minutes ago, charlesr said:

And in general when I go into machines I know are out of date, I'm not getting any status on the OS being out of date.

Even if you select optional updates?

image.png

37 minutes ago, Marcos said:

Even if you select optional updates?

image.png

Yes.

I have a feeling you're about to tell me there are other issues at play.

  • Administrators

Couldn't it be that you get updates from a WSUS server? Or you get them from standard Microsoft servers?

We do use a WSUS server now, but we were having this issue before that, which is why we decided to provision a WSUS server role on one of our VMs.

Also the ERA/ESET Protect appliance is on a Linux VM on the same network.

Edited by charlesr
  • Administrators

ESET checks Windows updates against a list provided by Microsoft, not against your WSUS server. This is why it may report some update missing while Windows reports no updates available.

7 minutes ago, Marcos said:

ESET checks Windows updates against a list provided by Microsoft, not against your WSUS server. This is why it may report some update missing while Windows reports no updates available.

Actually I'm glad that ESET doesn't follow what my WSUS server says, because that's kind of the root of the problem, which is my WSUS isn't pushing out all the updates (probably because I haven't configured it right). So I often have to tell my workstations to check Microsoft update to get the missing updates.

What I want is for ESET to say "Hey, these computers need updating" as per Microsoft, so I can address those workstations, figure out what updates my WSUS server isn't pushing out and tweak it till it does.

Then, after solving that short-term problem, also use ESET to make it easy for me to readily identify what workstations need updates when they do. (Ideally the list will shrink to zero on its own during patch day. But at the least if there is an issue, I know what workstations need attention, so I don't have to firm-wide check every PC on the floor just to find the ones that are having issues.)

  • Administrators

It is not clear to me what the issue is. I've tried it myself and it seems to work just fine:

image.png

image.png

Also a dynamic group with computers with missing OS updates is populated:

image.png

My issue is, I don't get any of that. None of my outdated computers turn yellow, nor show up in the dynamic group under "Computers with outdated operating systems".

When I was researching the issue I found this thread:

Where

Quote

Internally this has been reported by others and it's been explained that "This is because we report missing OS updates with informative severity as of v9. Beforehand they were reported with warning severity even if only optional updates were available."
There is an internal conversation regarding changing this and I will submit a market requirement on your behalf to add weight to this conversation. However, please be aware that any changes that are made (if made) will not be added until version 10 of server security.

I don't know who this person was quoting from, but if the severity was lowered from warning to informative, I'm assuming that means the computers won't turn yellow anymore, nor would the dynamic group work, since it wouldn't be reported as a "functionality problem" that the template listens for. And I'm also assuming this change would extend to the endpoint product as well.

If that isn't the case I apologize for the misunderstanding, and in that case, need to find out why my computers aren't turning yellow or showing up in the dynamic group.

Edited by charlesr
  • 3 weeks later...

"Computer with outdated operating system" is a completely different issue. It doesn't tell you if there are updates to be installed on that computer. It tells you that you are using an old operating system version (i.e. Windows 7). Those warnings indeed seem to have been disabled (and good riddance, tbh), but the ones for updates in the queue (the ones you want) are still there.

  • Solution
2 hours ago, Tomasz Trynkowski said:

"Computer with outdated operating system" is a completely different issue. It doesn't tell you if there are updates to be installed on that computer. It tells you that you are using an old operating system version (i.e. Windows 7). Those warnings indeed seem to have been disabled (and good riddance, tbh), but the ones for updates in the queue (the ones you want) are still there.

OK, figured out what the issue was. It seems that under the default policy for our anti-virus, under settings, user interface, user interface elements and under "Configure license-related application statuses" (which itself is odd because all the application statuses are in here, not just license-related ones), the "Windows Updates available" checkboxes were unchecked, specifically the 'Send' one that shows the notifications in the console.

I am not sure if this was unchecked by an update or probably someone trying to fix an earlier issue, not placing blame, but once I checked it, I was able to get the workstations that were needing Windows updates to show back up in yellow again.

So there you go, guess it was the result of a little tinkering.

2023-06-01-08-16-16AM.png
