vulnerability & patch module: how to see if it works?

[fvds 0]

We trialed V & P on an endpoint, and it seemed to work -- it found one PC with outdated Acrobat Reader and another PC with outdated Microsoft Edge. So now we deployed on the rest of our 20 endpoints but after 5 hours, there seems to be no new vulnerabilities found on any of the new machines which I find hard to believe.

? How do we verify that V & P is really working?

? We updated the applications that V & P said were outdated and subject to vulnerabilities, but the Vulnerability pane still shows the old findings, so how do we rescan those endpoints to make sure that the vulnerabilities were fixed? 

 

[MattR 0]

I suspect in most cases the patching mechanism isn't working yet especially if it's installed in a profile (I've only been able to patch programs that appear to be installed globally on a PC).  There is a schedule you can configure when it does its patch searching in the Common Features policy that's applied to the device.  This is also where you could set auto patching settings as well.  It's a fairly new feature, so I suspect they are still working on it a lot.  I had some PCs that had it for a little while and eventually some other programs were flagged that weren't before.  So, they probably are working on adding more and more programs and patches to their databases.