New APD patch approval process
So i see we have some newer patch approval processes where you have test groups where you approve patches that have been tested in lower environments. So what happens when a patch is only required in prod? Say there is a third party patch that is only available in prod? Do those just not get approved? We have a largish number of configs so its not unforseable that a patch would not actually be in our dev environment. Most will but its not 1 to 1. So how do we deal with that scenario?
Microsoft Office Vulnerability - System login details at risk(CVE-2018-0950)
4oo million active users of Microsoft Outlook may be in danger of getting hacked, going by the discovery of a CERT researcher, Will Dormann. What is at stake? All sensitive information including Windows login details Who is in danger? All Windows users using Microsoft Outlook for emails How does the hack work? A remote attacker can email an OLE content(embedded and linked object) in the form of a Rich Text File(RTF). This RTF contains a remotely hosted image file(OLE)served from an SMB server controlled
None of your MS18-APR patches are showing available for Server 2008. What is going on here?
This month you show the patch and I can approve it but when you scan the devices it doesnt show as applicable? Whats going on here? Out of 7000 end points only 125 need an IE update and no roll ups? Half of our gear is 2008. something is seriously wrong. Edit: to be more helpful and less abrasive.
Windows 10 Build Update Deployment Failure
Followed instructions to add ISO to patch database. It shows patch available, but 1 of 2 dependency patches fails to download. See attached pictures. I need to know what to do in order to correct this so I can deploy build updates
April 2018 - Patch tuesday updates from Manageengine
Hello Folks, Good day. Quick update on the April 2018 Patch Tuesday. New Security Bulletins : 2018-04 Security Update for Adobe Flash Player for Windows (KB4093110) 2018-04 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4093108) 2018-04 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4093115) 2018-04 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4093122) 2018-04 Cumulative Update for Windows 10 Version 1511 (KB4093109)
You may be at risk while using the web! (CVE-2018-1013)
Watch out Windows users, hackers might trick you into falling for malicious web links/files and then take complete access to your system! Microsoft's April 2018 Patch Tuesday updates can help you out though. The Windows Graphics component, which is responsible for the graphics on your Windows screen, hosts a font library which could be rigged with specially crafted embedded fonts. Due to the improper handling of Windows fonts library, there could be a remote code execution in which the attacker
Critical update for Desktop Central versions older than 100108
What is the change? Desktop Central's patch management has released a new schema to support various features for Windows, Mac & Linux patch management. What will be the impact? If you are running Desktop Central version older than 100108, you will not be able to synchronise the latest patch updates. What should I do? Upgrade to the latest build on or before 9th May 2018, to continue using patch management.
Newest KB890830 on Windows Server 2003 Patch id 23908
I have only 2 2003 servers left. They both ended up as "Deployment Failed" for newest KB890830 Patch id 23908 The remark on the failed patch is "1% not a valid Win32 application" Anyone else having this issue with this latest patch? thanks
Extenuation of Static IP issues on VMware running on Windows Server 2008 R2 and Windows 7 OS
This Patch Tuesday seems to be miserable for administrators handling Windows Server 2008 R2 and Windows 7 running on VM ware Scenario: The below scenario was reported by few users who installed these KB's KB4088875 & KB4088878 on VMware. This is applicable for Windows 7 and Windows 2008 R2 OS, installed on VMware environment only. For the VMware users, The NIC card is restarted and the pre-configured settings are reset to default settings, hence its disconnected from the network. In few scenarios,
KB 4011730 breaks Word 2016.
Issue: After installing the March 13, 2018, update for Word 2016 (KB4011730), you may not be able to open or save Word documents. This issue occurs only for those who receive Office 2016 updates using Windows Installer technology (MSI). If you have a Click-to-Run edition of Office, such as Office 365 Personal, you won't encounter this issue. Workaround for this issue: Microsoft is aware of this issue and working on a fix. In the meantime, you may be able to workaround this issue by installing the March
Automated Patch Deployment... no scheduler?
In build 10.0.205 which I have deployed to fix a different issue, you have removed the scheduler from automated patch deployment. Please advise how for example, can I patch a group of servers next week with the latest updates they will require? Previously I could scan and download the patches without deployment, then patch the servers separately in batches. I also do the same for workstations, where I patch 10% of our estate on any given day so as not to overload the bandwidth on any site, using
March 2018 - Patch tuesday updates from Manageengine
Hello Folks, Quick update on the March 2018 Patch Tuesday. New Security Bulletins : 2018-03 Security Update for Adobe Flash Player for Windows (KB4088785) 2018-03 Security Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 (KB4088875) 2018-03 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 (KB4088876) 2018-03 Security Monthly Quality Rollup for Windows Server 2012 (KB4088877) 2018-03 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4088878)
CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability
Hi ALL! How i can check all my PC for this patch ? CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability Patch Mgmt tab don't provide any info about CVE-2017-11882 help me!
Desktop Central seems to frequently miss various Windows OS patches and updates
I've been using Desktop Central for about two years now. When I came onto my job, we were using a mix of WSUS and Desktop Central. I have since scrapped WSUS and stuck with Desktop Central for both 3rd party software installment as well as regular monthly Windows updates. Everything seemed to be going well as Desktop Central reported that all of our systems were up to date after I would run updates month by month. Then we had an environment scan with Nessus Vulnerability Scanner by a 3rd party security
Patching "The operation completed successfully" but system still listed as vulnerable
Hi, I've got several systems where the patch "307159 TU-017 Updates for Google Chrome (x64) (64.0.3282.186)" was deployed and appeared to work (the application is updated) -- the remarks field says "The operation completed successfully" but doesn't disappear and the machine remains listed as vulnerable. I have tried rescanning, rebooting the endpoint and rescanning, and updating the patch DB. It's not a huge problem because the machines are protected, but it does make my compliance reports inaccurate.
Windows update deployment error: The identities of the manifests are identical but their contents are different.
I have one system that needs a specific update however no matter how many times I try the update I get the error message: The identities of the manifests are identical but their contents are different. I was able to download the update manually and install it, however Desktop Central doesn't see the update as being installed. I even ran a patch scan afterwards. Any suggestions? Thanks -Kirk
all patches with http://software-download.microsoft.com/pr/Win10_1709_XXXX.ISO are failing
All patches that have "http://software-download.microsoft.com/pr/Win10_1709_xxxx.iso" location inside PMPatchLocation SQL table are failing with download.. looks like microsoft blocked direct downloads.. please fix it.. Also why is DC re downloading already present patches in repository? Also why patch for CHINESE Simplified 1079 Win10 is downloading english ISO?
Patch Severity Settings
Does the Patch Severity Settings get reset when we apply a patch to Desktop Central as we have it setup to our requirements but it keeps changing and I can't find anything within the audit log to indicate that someone has changed it from what we require.
KB installed but not found in "Installed Update Patches"
I cannot found the record for some office 2016 KB that already install in my PC and attached the sample KB3115281 Even I try to reboot the PC and run the patch scanning again but no luck.
No missing patches, but prompting for reboot
I have been noticing the last couple of weeks that DC is requiring reboots even though the computers show zero needed patches. Any ideas why?
Firefox 58.0 - Wrong patch is deployed!
Just a heads-up, there seems to be an issue with the latest Firefox patches (patch ID 307006 and 307008). The 32-bit update points to the 64-bit location path and vice versa. So if you deploy/approve these patches, you will very likely end up with a mess. Patch ID 307006 (32-bit) deploys the 64-bit version http://download-installer.cdn.mozilla.net/pub/firefox/releases/58.0/win64/en-US/Firefox%20Setup%2058.0.exe Patch ID 307008 (64-bit) deploys the 32-bit version http://download-installer.cdn.mozilla.net/pub/firefox/releases/58.0/win32/en-US/Firefox%20Setup%2058.0.exe
problem with deploying Adobe Flash player
good morning everyone, when i am trying to deploy this patch: Update for Adobe Flash Player for IE (28.0.0.137) - APSB18-01 there is a problem, which is: The indicated destination element already contains media. but when i scan the device, desktop central says this is missing patch !!
Windows 10 Fall Creators update (1709) undeployable because of dependencies
I followed the instructions: https://www.manageengine.com/products/desktop-central/windows10-feature-packs.html#language I renamed the iso to the german name: 104980-Win10_1709_Gex64.iso And I placed it into the patch store of desktop central. When deploying the patch/upgrade it fails to start because of missing dependencies (Win10_1709_enx64.iso). It does not "detect" the german iso file I have placed in patch store as descibed in you instruction....
Fix for Meltdown and Spectre
Hi All Greetings from Desktop Central technical support team. Please use Desktop Central's Patch management to mitigate the vulnerability. Here are the bulletin details from MS. CVE-2017-5753 - Bounds check bypass CVE-2017-5715 - Branch target injection CVE-2017-5754 - Rogue data cache loadFor more read.. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 How to identify the Meltdown & Spectre using Desktop Central scan? 1. Sync the Patch DB & Scan all Systems. 2. To find
Mac OS patch (601384) gets the machine rebooted without notification
The patch crawler team has found that upon patching Mac sierra machines, it is getting rebooted arbitrarily even when "No Reboot" deployment policy is selected. From analyze, the team has confirmed patch 601384 naturally invokes the reboot action without notifying the customer. It seems it is the behavior of this update upon reading various 3rd party forums. A message has been added in the product UI to convey the Mac Sierra reboot message so that customers can get benefited and plan their patching
Metldown/Spectre patch not showing for half our machines.
I have a ticket open with Desktop Central on this but haven't gotten very far with them. Out of our 470 Desktops/Laptop, only about 250 of our Desktops/Laptops are showing that they are "missing" the Meltdown/Spectre Patch. All of our Laptops and Desktops are exactly the same hardware with the same AV versions. I checked to make sure the Patch was not installed on any machines which it isn't and we have Windows Patching disabled on all computers. I checked to see if the reg key below was on any of
How do I find out what patch forced a reboot?
Hello, I have automated patch management enabled in Desktop Central and until now it was doing a great job. It installed a patch on my PC and forcefully rebooted it without giving me any options. I have the Do Not Reboot flag checked in the deployment policy. Any idea on where I can start looking to see what patch forced the reboot so i can disable it? Thanks Anthony
Meltdown Patch
It doesn't look like MS has released the Meltdown patch yet. I'm wondering once its released how quickly ManageEngine will turn it around and if they'll send out a special notification that the patch is available?
Windows 10 1607 Update
Hello Our Windows 10 machines currently running 1151 build are not receiving the Anniversary edition update from Desktop Central. If we remove a machine from Desktop central, the update is downloaded. Machines with the desktop central agent do not receive the update, even though our scans are set to download all updates at all levels and deploy. Do you support this? Microsoft released this over 2 months ago. Thanks Chris
Update mismatch
Hi all, I'm struggling to get my head round something DC is doing on a couple of systems here in regards to mismatch of information on a system or two. Here is the missing patches listed as critical on one of our servers. And also a screenshot of the internet explorer about window indicating that this patch is installed. I've looked in windows update and it doesn't list the patch as installed so I'm assuming maybe it's included as part of a system roll up or something of the like? My question
Patch Vulnerability DB Report
DC is scheduled to update the patch vulnerability DB daily and email a report. This is great. Is there a way to have the report only show information relevant to our inventory? We do not have any Linux or Mac devices so I don't really need to know there is a new patch for these devices. Same with software we do not use. Today's report shows there is a new patch for Blue Jeans. We do not use Blue Jeans so I don't need to know there is a new patch. Thanks for the help.
Automatic deployment as new configurations for better overview
Hi It would be very helpful if ME DC would create new configurations for automatic deployment schedules where patches will be installed. This gives us an overview on the status of those installations, because currently it happens in the background and it's not clear (unless there's an easy way to get the status of those installations already).
Difference between these two hotfix webpages
Hi In my ME DC interface I see messages about available hotfixes (currently 10.0.140) that lead me to this page: https://www.manageengine.com/products/desktop-central/service-packs1.html?dci The normal page with hotfixes however, is this one: https://www.manageengine.com/products/desktop-central/service-packs.html What is the difference between both? It's quite confusing. I can also tell that when I tried to do an hotfix upgrade to 10.0.13x using the first page, the upgrade failed. The upgrade to
*WARNING* for admins using Automatic Patch Deployment
We just had a mini-crisis with desktop central patch deployment the other day as we had a mess of unapproved updates deploy through our automatic patch deployment policy. After sending our logs to support and long remote assistance session we learned exactly what caused us such a panic. I am sharing with the community to hopefully to spare anyone from a similar scenario. We got lucky in the end, the patches did not negatively affect our PCs. We will not make the same mistake twice. Chat transcript:
Where is KB4035631 (August 2017 Windows 10 Servicing Stack Update) within Patch Management?
This new servicing stack update is reported as a Critical Update for WIndows 10 1607 via WSUS - yet there is no sign of it at all within Patch Management in DesktopCentral. I have done several searches - updated DS patch database a few times and nothing can be found. While DS has accounted for all other August 2017 patches - if I am to start using this on a regular basis (and retire WSUS) - it needs to have the identical patches that are offered by WSUS at all times. Appreciate any insight as to
Any advice on Windows 10 patch management?
Hi I'd like to consider upgrade clients from Windows 7 Pro to Windows 10 Pro, but the automatic updates are still an inconvenience of that OS. I'd like to know what Manageengine recommendations are to be able to use the patch management feature of Desktop central properly. I can't find any guide on the website. Is there a way to disable automatic updates by Microsoft in the Pro version? Or will the defer updates need to be activated to avoid immediate update installations? If not both, what is the
Unable to update patch database using closed network process
Are there any known issues with updating the patch database using the closed network process in DC version 10.0.135? I have not been successful since our version upgrade 2 weeks ago.
Building a Quarterly Pilot/Prod Patching Process
Hello, I work for an MSP and we are trying to build a quarterly prod patching process that includes a pilot group scenario for a particular client and future clients. We currently use Kaseya(we are looking at moving off Kaseya for patching with a possible move to ManageEngine) and the communication from them is that based on how Microsoft handles superseding of Monthly CU/Rollups the Pilot and Prod patching would need to occur in between the releases of Monthly CU/Rollups to avoid superseding making
Can ManageEngines patch management deliver this?
Hi, we are looking for product to replace SCCM for windows patching for our ~3000 windows servers, our main requirements are: 1. Price << SCCM 2. Microsoft products patching (OS/Office/.net/etc basically everything WSUS does) 3. 3rd party products patching 4. Client->Server pull communication (no connections from server to clients are possible in some of our networks) 5. Multiple management/distribution points across network zones, communicating to "main node" for central view of overall estate.
Moving from WSUS to Desktop Central Windows Patch Management
Hello Everybody, I am looking for a guide on how to move from WSUS to Desktop Central patch management. And since we were setting up a GPO to connect clients to WSUS, should i modify the GPO or get use from it to move from WSUS to DC? Also, i received some windows update errors inside different servers (2008 R2, 2012, 2012 R2) because our WSUS server having a problem while we are pushing the updates through DC, so what solved the problem is removing " HKLM\Software\Policies\Microsoft\ Windows\WindowsUpdate"
Next Page