Desktop Central - Missing Patches - Office 2016 Deployment Tool
Hi all, I've got a support ticket with ManageEngine for issues with patches showing as missing on clients and failed downloads for Desktop Central (10.0.386). Most notably is the ever increasing number of "Office 2016 Deployment Tool" failed downloads increasing in number, 26511, 26527, 26557, 26740 and 26759 with a "Failed" Download Status and "Unable to execute command" remarks. Actually, checking today it's now 26740, 26742, 26759 and 26767 following the May Patch Tuesday of course. You have to
Patch Mgmt Error code documentation
I've googled and searched here but am unable to locate any good information as to what this error from Desktop Central means. The referenced assembly is not installed on your system. I have a handful of machines with this message on an update or two. When i check those machines, I do see the update sitting in the patches folder. I've checked the dcpatchmgmt.log and see the entry for it there, but it's not telling me what is missing or what's being looked for. Is there more information on this error
Patch Management with Dynamic custom groups filtering
Hello Folks, I am going to review the computers status that in patch management session, but i cannot filtering the targets by "Dynamic Groups", is there a way to add "Dynamic Groups" in filter option? Only static groups showing up.
Office 365 Patches Not Applicable
It looks like if you have SharePoint Designer 2013 installed, Office 365 updates will show as "Not Applicable". Noticed my computers stopped getting office patches since that was installed.
Highly critical processor chip flaw "ZombieLoad" patched
A new class of processor chip vulnerabilities targeting the 'speculative execution' portion of Intel chips has been discovered by a group of researchers a few days back. These three vulnerabilities are named ZombieLoad, fallout, and RIDL (Rogue In-flight Data Load). These flaws are rated highly critical by the team of researchers who discovered them. ManageEngine Desktop Central now supports patches for the ZombieLoad vulnerability. Name of the Vulnerability: ZombieLoad Severity : Highly critical
Add build numbers to patch description for Windows 10 cumulative updates
Hi, As far as I can tell, every Windows 10 cumulative update raises the OS build number, e.g. KB4499177 [1] will take the OS to build 14393.2999 (with the .2999 being the build number updated by the patch). As the release of a cumulative update invalidates all the previous cumulative updates, I would find it extremely useful if the patch description for the updates contained the build number (.2999) - so that I could tell at a glance if the patch being listed was a genuine update, or an erroneous
Questions on Patch Terminology, and Distribution Servers
Hello, After reading about patch deployment with Desktop Central I have the following questions: Define "Refresh Cycle" - When Desktop central scans for patches? Define "Deployment"? - Patch downloaded and installed? Do Distribution Servers hold the actual windows updates to update machines in a remote office, so the updates are only downloaded from the internet once? If so, can I change where those updates are stored on the Distribution server? Is a test group only available when I have manual
OS Upgrades 1803 -> 1809 Attempt to Apply Twice
Good Morning, After application of an OS upgrade via the "Feature Upgrade" packages, any deployments including the feature update for that machine attempt to apply again. I am not sure what is causing this behavior, but it looks like with the OS upgrade, ManageEngine does not remember that the deployment was applied, and attempts again. I have an example of a configuration with this behavior. Thank you!
CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
Hello ME DC Team! Microsoft announced about critical issue in RDP: CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 But Patch DB in ME DE don't have this patchs yet - when you planned add it to Patch Management in DC ??
Having issues with automated patch mgmt -
Hey. So we're trying to automate patching servers When testing we noticed after a server is done installing updates it reboots but then it does not check for updates again, DC only seems to do one wave of updates. We then created 2 deployment times on the same day 9AM-12PM and 4PM-8PM This time after rebooting it did the updates again but only with our 2nd deployment time however after everything was done, I logged in again and the server still had more pending updates. Is there a way configure DC
How to change path/location where Distribution Servers download the patches and software when replicate from DC Server?
Is there a way to change the path or location where a Distribution Server stores the Patches and Softwares replicated files? If I'm not mistaken this is the original path: C:\Program Files (x86)\DesktopCentral_DistributionServer\replication. But I would like to know if there is way to modify to a different location and Agents still be able to reach for them when contacting the Distribution Server. Thanks in advance,
May 2019 Patch Tuesday updates from ManageEngine
Hello peeps, Good day. Quick update on the May 2019 Patch Tuesday updates. New Security Bulletins : 2019-05 Security Update for Adobe Flash Player for Windows (KB4497932) 2019-05 Security Only Quality Update for Windows Server 2008 (KB4499180) 2019-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4499175) 2019-05 Security Only Quality Update for Windows Server 2012 (KB4499158) 2019-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4499165) 2019-05
Microsoft releases fix for the Wormable vulnerability (CVE-2019-0708)
Microsoft released this month's edition of Patch Tuesday with fix for a highly critical vulnerability. This vulnerability (CVE-2019-0708), dubbed "Wormable vulnerability", resides in "Remote Desktop Services" component and could be exploited remotely by sending specially crafted requests over RDP(Remote Desktop Protocol) to a targeted system. This vulnerability is present in Windows 7, Windows Server 2008 R2, Windows Server 2008 and in older versions like Windows XP and Windows 2003 as well.
Question about patch location and folders
I have noticed recently that machines that are missing patches don't seem to have a "patch" folder in the Desktop Central folder directory. IE: C:\Program Files (x86)\DesktopCentral_Agent\patches Those that do have the "patches" folder, don't seem to be showing on the Missing Patches report, Vulnerable or Highly Vulnerable report. Those that have the "patches" folder actually have patches downloaded into them. Those machines that don't have the folder, I can't seem to find downloaded patches on the
Superseded Updates still showing as Missing Updates
I have 65 updates that have been Superseded, going all the way back to August of 2018, that are showing up as Missing Updates. Of these 65, one of them was declined back in September of last year, but is still on the missing lists. The check boxes to select these updates is grayed out and when you mouse over it, it tells you it was Superseded. Problem is, these updates seems to still be showing and counting against the environment. Since taking over my current position in this new company, i've
Keepass 2.42 update download fails
Hi, the latest keepass update (2.42) is permanently marked as "download failed" and manually uploading the patch also fails with a useless "upload failed" message.
Java patch download failure "The request is forbidden.Http Status Code :: 403"
Hi, I am having a Java patch download failure, with the above error being logged in the "Action Log Viewer". There is a linked KB article that takes you here: https://www.manageengine.com.au/products/desktop-central/patch-download-failure-error-403.html?dci&did=45-1224-2018-01-22-12-50-41-8833 This article is about how you should have access to a list of common patch download sites set as accessible in whatever proxy you are using. However, when I go to the DC patch link: javascript:dcOpenWindow('patchinfopatchdetails.do?actionToCall=patchDetailsDO&patchDetails=true&PATCHID=307814'
Patch Download speed/time limiting
Morning, I've been trying to implement the patch management feature of Desktop Central. However, I've been running into a problem: we're on a very limited internet connection, and when it tries to download patches it entirely maxes out the connection and the other staff can't work. Is there any way to limit the download speed, set it to only download out of hours, or both? I haven't been able to find it. For now I'm turning the VM it is running on off each day, and turning it back on at the end of
End of Public Updates for Java SE 8 - Commercial Users upgrade your package
Oracle has announced changes to ongoing support for Java SE 8 (Standard Edition). This forum describes how Desktop Central will continue its support for Java SE 8 in January 2019 and beyond. More on this: Oracle recently announced changes to support for Public Updates for Java SE 8 In January 2019 Oracle will require those who wish to continue support for Java 8 SE to subscribe to the new Java SE Subscription offering to continue to receive Java SE 8 updates. This subscription covers all Java 8 SE
Can i please get an update on opened tickets #5313391 and #5311198
It's been a week and i've received no inital response from anyone.
Issue in booting up the machines after installing Windows updates.
Computers fail to boot after installing the following Windows updates: KB4493467, KB4493446, KB4493448, KB4493472, KB4493450, KB4493451 Note: This issue will occur for systems having Sophos Endpoint Security Installed. Reference: https://community.sophos.com/kb/en-us/133945 Desktop Central has marked these updates as 'Partially Superseded' and they won't be listed in the 'Missing Patches'. However, these updates can be viewed and uninstalled from the 'Installed Patches' view. Update 1: To make
Critical bug fixes in Google Chrome 74.0.3729.108
The Chrome team has rolled out the latest version Chrome 74.0.3729.108 with a huge list of bug fixes and improvements. This update comes with nearly 39 security fixes. Below is the list of CVE IDs that are rated 'Critical' CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 To patch
Patch Management for Closed Network Not working in latest release 10.0.386
Hi, I think there is a bug in latest release 10.0.386 where Patch Management for Closed Network procedure is not working, I can update the database on internet but when transferring the updatedb folder to the closed network the update returns failed.
Group automated deployments
Currently, I am in the process of catching the machines up on updates. Since i've took over this position, it's been a very slow process. Due to a majority of our sites having very low bandwidth, we've opted to switch to manual pushes instead of automatic deployments. Mainly due to the fact that automated deployments grab all approved patches and push them all at once. What i want to do is create groups of deployments for patches, IE: Monthly security updates, Office updates, etc. Reasoning behind
Secure Gateway Download Requires a Version of Desktop Central Not available
Not sure if I'm missing something but we've had a problem with not being able to patch Roaming computers (over the internet) ever since we moved to the Forward Server, which I now believe is called Secure Gateway. After trying to spend some time troubleshooting the issue I decided to download the latest version of Security Gateway and reinstall it on the server dedicated to it in our DMZ. The latest version to download says it requires Desktop Central Version 10.0.391 and above (https://www.manageengine.com/products/desktop-central/forwarding-server-download.html)
Setting up Distribution Server supposed to bypass replication policy?
We've been having bandwidth issues with some offices. So it was decided that we were moving all of our replication policies to an overnight set of hours (midnight to 5am) and lowering the bandwidth. I had to set up another DS this afternoon, and i noticed it's been replicating since. This is out side of the replication policy by a lot. When setting up a new distributions server, is it supposed to override the replication policy? Or is there some sort of glitch here? I've also noticed throughout
Superseded patches still listed as missing after Desktop Central upgrade
We recently upgraded to version 10.0.347. Mainly due to a lot of bugs. However, we're still seeing updates that were superseded months ago listed in our missing patches list. Right now it's down to one last patch, 106372 MSWU-3134 2019-01 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 for x64 (KB4481031) This was superseded in Feb by MS19-FEB8. Granted it's only missing on 1 machine, but since it's been superseded for so long, it still counts against
Approve Windows 7 April 2019 updates
Hi, We are not using Sophos products in our organization so we should not have an issue with booting. How do I go about manually deploying the critical Windows 7 updates which are marked as superseded? Thanks, Denis
sophos and patch 26487 MS19-APR6 2019-04 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4493472)
I have discovered that patch 26487 MS19-APR6 2019-04 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4493472) 26489 MS19-APR6 2019-04 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4493472) is causing an issue when sophos anti virus is installed https://community.sophos.com/kb/en-us/133945 when this patch is installed with sophos it will cause windows to hang for over an hour. is manageengine aware of this issue? for now i have declined this patch.
Adobe discontinues its support for Adobe Shockwave
Adobe has announced that Adobe Shockwave will not be supported anymore. Effecitve from April 9, 2019 Adobe Shockwave for Windows will no longer be available for download. But Adobe added that "Companies with existing Enterprise licenses for Adobe Shockwave continue to receive support until the end of their current contracts" Please note that Adobe has discontinued Adobe Shockwave for macOS on March 1, 2017. So, even if you have Adobe Shockwave installed in your environment, Desktop Central will
Desktop Central now supports Patch Tuesday April 2019 updates
Good day. A quick update on the April 2019 Patch Tuesday. New Security Bulletins : 2019-04 Security Update for Adobe Flash Player for Windows (KB4493478) 2019-04 Security Only Quality Update for Windows Server 2008 (KB4493458) 2019-04 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4493448) 2019-04 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4493450) 2019-04 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4493467)
Replication Policy and Manual Push
I just have a question to clear up some confusion. If I have a replication policy to replicate from the Desktop Central server to the Distribution server set form 00:00 to 05:00, Monday through Friday, If I need to manually push an update to a handful of computers that are located at the site, will the manual deployment override the replication policy if a patch(es) are not on the distribution server yet? Or will the manual deployment status stay is Draft or In Progress mode, until the replication
Chrome releases a new stable version 73.0.3683.103
Google has just rolled out a new update for Chrome 73 that comes with some minor bug fixes and performance updates. With this latest update, Chrome will be inching closer to releasing the next big update — Chrome 74. Desktop Central now supports updating your endpoints to the latest version - Chrome 73.0.3683.103. If you're looking to update your Chrome, just look for Bulletin ID - TU-017 and Patch ID - 309433 (32-bit) and 309434 (64-bit)
Microsoft warns BSOD on devices after enabling EUDC
Microsoft has warned that if per font end-user-defined characters (EUDC) is enabled, the system will stop working and a blue screen will appear at startup. But it can be avoided if you don't install the following updates: KB4489894, KB4489890, KB4489888 and KB4489889. Desktop Central has suspended these updates and for users who already have these updates in your endpoints, kindly follow the steps given in the Microsoft's official KB article. https://support.microsoft.com/en-in/help/4496149
Skype automatic patch management
Hello, what is the best practice with Skype software update in patch management (Windows machines). Can we update Skype in automatic patch deployment time when user are logged in computers? Thanks!
Patch Management - Unknown Error. Code : 50007
Seeing the below error on our automatic patch deployment for the windows 1809 feature update Unknown Error. Code : 50007 Any ideas what this error means?
Critical updates released for Mozilla Thunderbird, iCloud, and iTunes
Apple and Mozilla have released critical updates in their products — iCloud (7.11.0.19), iTunes (12.9.4.102) and Thunderbird (60.6.1) respectively. Desktop Central now supports the patching of these updates. Below are the possible exploits for each application if they're left unpatched. Application: iCloud (7.11.0.19) Possible Exploit if left unpatched: Elevation of Privilege, Remote Code Execution Application: iTunes (12.9.4.102) Possible Exploit if left unpatched: Elevation of Privilege,
Critical security updates released for Firefox 66.0.1
Mozilla has released updates to address two critical vulnerabilities in Firefox 66.0.1 and Firefox 66.6.1 ESR (Extended Support Release). These vulnerabilities, that are addressed in CVE-2019-9810 and CVE-2019-9813, come as fixes for incorrect handling of files in IonMonkey (Mozilla's JIT compiler for SpiderMonkey). Desktop Central now supports these critical Mozilla updates. To patch your Mozilla Firefox with these latest critical updates, look for Patch IDs 309305,309306,309307 and 309309.
Patching to a Custom Dynamic Group
We name computers a special way. Anything that ends in "-TC" is a "Thin Client". These machines can be patched and rebooted nightly. So i created a dynamic group matching on "Computer Name" ends with "-TC". I have then two patch policies. One that's "Patch Nightly with Reboot Prompt" and the other "Patch Nightly Force Reboot". All computers are in the first patch policy with dynamic group "Thin Clients" filtered out. I now want to assign the "Thin Clients" group to the second patch policy but cant
Google Chrome releases stable version 73.0.3683.86
Google Chrome has updated the stable channel to 73.0.3683.86. This version comes with a bevy of features like the built-in dark mode, tab grouping, media key support etc. along with several bug fixes. Desktop Central now supports Google Chrome's latest version 73.0.3683.86 for Windows and Mac. If you're looking to update your Chrome to get your hands on the newest features, just look for Bulletin ID - TU-017 and Patch ID - 309264 (32-bit) and 309265 (64-bit) in Desktop Central.
Next Page