Fix for Meltdown and Spectre
Hi All Greetings from Desktop Central technical support team. Please use Desktop Central's Patch management to mitigate the vulnerability. Here are the bulletin details from MS. CVE-2017-5753 - Bounds check bypass CVE-2017-5715 - Branch target injection CVE-2017-5754 - Rogue data cache loadFor more read.. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002 How to identify the Meltdown & Spectre using Desktop Central scan? 1. Sync the Patch DB & Scan all Systems. 2. To find
Mac OS patch (601384) gets the machine rebooted without notification
The patch crawler team has found that upon patching Mac sierra machines, it is getting rebooted arbitrarily even when "No Reboot" deployment policy is selected. From analyze, the team has confirmed patch 601384 naturally invokes the reboot action without notifying the customer. It seems it is the behavior of this update upon reading various 3rd party forums. A message has been added in the product UI to convey the Mac Sierra reboot message so that customers can get benefited and plan their patching
Metldown/Spectre patch not showing for half our machines.
I have a ticket open with Desktop Central on this but haven't gotten very far with them. Out of our 470 Desktops/Laptop, only about 250 of our Desktops/Laptops are showing that they are "missing" the Meltdown/Spectre Patch. All of our Laptops and Desktops are exactly the same hardware with the same AV versions. I checked to make sure the Patch was not installed on any machines which it isn't and we have Windows Patching disabled on all computers. I checked to see if the reg key below was on any of
How do I find out what patch forced a reboot?
Hello, I have automated patch management enabled in Desktop Central and until now it was doing a great job. It installed a patch on my PC and forcefully rebooted it without giving me any options. I have the Do Not Reboot flag checked in the deployment policy. Any idea on where I can start looking to see what patch forced the reboot so i can disable it? Thanks Anthony
Meltdown Patch
It doesn't look like MS has released the Meltdown patch yet. I'm wondering once its released how quickly ManageEngine will turn it around and if they'll send out a special notification that the patch is available?
Windows 10 1607 Update
Hello Our Windows 10 machines currently running 1151 build are not receiving the Anniversary edition update from Desktop Central. If we remove a machine from Desktop central, the update is downloaded. Machines with the desktop central agent do not receive the update, even though our scans are set to download all updates at all levels and deploy. Do you support this? Microsoft released this over 2 months ago. Thanks Chris
Update mismatch
Hi all, I'm struggling to get my head round something DC is doing on a couple of systems here in regards to mismatch of information on a system or two. Here is the missing patches listed as critical on one of our servers. And also a screenshot of the internet explorer about window indicating that this patch is installed. I've looked in windows update and it doesn't list the patch as installed so I'm assuming maybe it's included as part of a system roll up or something of the like? My question
Patch Vulnerability DB Report
DC is scheduled to update the patch vulnerability DB daily and email a report. This is great. Is there a way to have the report only show information relevant to our inventory? We do not have any Linux or Mac devices so I don't really need to know there is a new patch for these devices. Same with software we do not use. Today's report shows there is a new patch for Blue Jeans. We do not use Blue Jeans so I don't need to know there is a new patch. Thanks for the help.
Automatic deployment as new configurations for better overview
Hi It would be very helpful if ME DC would create new configurations for automatic deployment schedules where patches will be installed. This gives us an overview on the status of those installations, because currently it happens in the background and it's not clear (unless there's an easy way to get the status of those installations already).
Difference between these two hotfix webpages
Hi In my ME DC interface I see messages about available hotfixes (currently 10.0.140) that lead me to this page: https://www.manageengine.com/products/desktop-central/service-packs1.html?dci The normal page with hotfixes however, is this one: https://www.manageengine.com/products/desktop-central/service-packs.html What is the difference between both? It's quite confusing. I can also tell that when I tried to do an hotfix upgrade to 10.0.13x using the first page, the upgrade failed. The upgrade to
*WARNING* for admins using Automatic Patch Deployment
We just had a mini-crisis with desktop central patch deployment the other day as we had a mess of unapproved updates deploy through our automatic patch deployment policy. After sending our logs to support and long remote assistance session we learned exactly what caused us such a panic. I am sharing with the community to hopefully to spare anyone from a similar scenario. We got lucky in the end, the patches did not negatively affect our PCs. We will not make the same mistake twice. Chat transcript:
Where is KB4035631 (August 2017 Windows 10 Servicing Stack Update) within Patch Management?
This new servicing stack update is reported as a Critical Update for WIndows 10 1607 via WSUS - yet there is no sign of it at all within Patch Management in DesktopCentral. I have done several searches - updated DS patch database a few times and nothing can be found. While DS has accounted for all other August 2017 patches - if I am to start using this on a regular basis (and retire WSUS) - it needs to have the identical patches that are offered by WSUS at all times. Appreciate any insight as to
Any advice on Windows 10 patch management?
Hi I'd like to consider upgrade clients from Windows 7 Pro to Windows 10 Pro, but the automatic updates are still an inconvenience of that OS. I'd like to know what Manageengine recommendations are to be able to use the patch management feature of Desktop central properly. I can't find any guide on the website. Is there a way to disable automatic updates by Microsoft in the Pro version? Or will the defer updates need to be activated to avoid immediate update installations? If not both, what is the
Unable to update patch database using closed network process
Are there any known issues with updating the patch database using the closed network process in DC version 10.0.135? I have not been successful since our version upgrade 2 weeks ago.
Building a Quarterly Pilot/Prod Patching Process
Hello, I work for an MSP and we are trying to build a quarterly prod patching process that includes a pilot group scenario for a particular client and future clients. We currently use Kaseya(we are looking at moving off Kaseya for patching with a possible move to ManageEngine) and the communication from them is that based on how Microsoft handles superseding of Monthly CU/Rollups the Pilot and Prod patching would need to occur in between the releases of Monthly CU/Rollups to avoid superseding making
Can ManageEngines patch management deliver this?
Hi, we are looking for product to replace SCCM for windows patching for our ~3000 windows servers, our main requirements are: 1. Price << SCCM 2. Microsoft products patching (OS/Office/.net/etc basically everything WSUS does) 3. 3rd party products patching 4. Client->Server pull communication (no connections from server to clients are possible in some of our networks) 5. Multiple management/distribution points across network zones, communicating to "main node" for central view of overall estate.
Moving from WSUS to Desktop Central Windows Patch Management
Hello Everybody, I am looking for a guide on how to move from WSUS to Desktop Central patch management. And since we were setting up a GPO to connect clients to WSUS, should i modify the GPO or get use from it to move from WSUS to DC? Also, i received some windows update errors inside different servers (2008 R2, 2012, 2012 R2) because our WSUS server having a problem while we are pushing the updates through DC, so what solved the problem is removing " HKLM\Software\Policies\Microsoft\ Windows\WindowsUpdate"
What does desktop central trigger off to generate the "reboot Required" flag?
We had some technical issues recently and we have a large number of machines reporting reboot required but its not the flag that prompts users. We are trying to determine what resets this flag so we can better understand the issue. Boxes showing this were patched and rebooted after the patch.
What is going on with Desktop Central patch management?
Upon doing a standard check within Desktop Central this morning – the system is telling me that three of my Windows 10 workstations are missing “critical” patches. In this case – it is KB 4038806 from Sept 2017: However – these each of these three workstations have already had the most recent October 2017 Adobe Flash player patches applied to them via WSUS – AND 4038806 was previously installed on all of them back in Sept per normal Finally – within WSUS – the patch that DS insists is missing – has
Alert on pc patch detail
When looking at the patch detail of some pc's i noticed that some of them have an alert saying scan Title then under it Scan Content. I was wondering if someone could tell me what that means? I am attaching a screenshot of the message.
MS october 2017 patchs - where?
Hi ALL! How i can install all patch from October Patchday from MS ??
From version Firefox 56, 32-Bit Firefox Users on 64-Bit PCs Will Be Auto-Upgraded to 64-Bit Firefox.
Starting with Firefox 56, Mozilla will silently and forcibly auto-upgrade some users of 32-bit Firefox to 64-bit versions. Obviously, the only ones that will be auto-migrated are users who run 32-bit versions of Firefox on computers with 64-bit architectures. Desktop Central’s patching for Firefox will work based on Mozilla’s auto upgrade behaviour: 1. For computers with 32-bit architecture , you will be patched with the latest 32-bit versions of Firefox. 2. For computers with 64-bit architecture
Order of patch deployment
In what order are patches applied during the patch deployment process of APD jobs? I understand that check in and download and actual deployment start times are random and based on when a box checks in. But once a box has checked in, downloaded the binaries and then reaches its designated deployment window in which order are patches actually deployed. Here is an example list of patches missing on a client. I assume it will install oldest to newest but that is an assumption and would prefer to not
computer status says restart required but no patches were recently installed
I just updated to 10.0.132 and now a lot of my computers have a status of needing reboot. Some of these are servers which were never patched and rebooted recently yet there is an alert saying that "Reboot Required Critical patches have been deployed to this computer that requires system to be rebooted. Reboot the computer for the patches to take effect.". Now some of the servers that had that message I rebooted and it went away but there are some I have to schedule time to restart. Why does it give
Unable to install below patch on windows 2012 r2 server
Unable to install below patch on windows 2012 r2 server 2017-09 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4038792) 2017-09 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4038793
Issue in updating below patch in window 2012 R2 servers
Severity Release Date Patch ID Bulletin ID Patch Description Vendor Patch Type Approve Status Remarks Deployed Time Critical Sep 12, 2017 22993 MS17-SEP1 2017-09 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4038792) Microsoft Rollups Approved -- -- Critical Sep 12, 2017 23000 MS17-SEP1 2017-09 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4038793) Microsoft Security Update Approved -- --
issue in updating below patches on windows 2012 r2 servers
Severity Release Date Patch ID Bulletin ID Patch Description Vendor Patch Type Approve Status Remarks Deployed Time Critical Sep 12, 2017 22993 MS17-SEP1 2017-09 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4038792) Microsoft Rollups Approved -- -- Critical Sep 12, 2017 23000 MS17-SEP1 2017-09 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4038793) Microsoft Security Update Approved -- --
23170 MS17-SEP6 Security Update for Microsoft Office PowerPoint 2007 (KB3213642) trying to install on systems that has 2016 version
We have users with office 365 suite and this patch keeps failing after trying to install itself.. I think logic detection is broken.. please update it DB
Error deploying Patch "patch is not applicable for this target"
Good Morning, I have searched the KB and forums for an answer to this without success. I tried to deploy a simple Adobe update 11.08. It executed and returned "The patch i not applicable for this target". What is the root cause, and how do I proceed? Thank you in advance.
Fix available: Experiencing a Black Screen in Windows 10 V 1703?
What you might be facing? When restarting Windows 10 Version 1703 after a Windows Store application update is installed, some Windows 10 devices that have OEM factory images and were released with incorrect registry keys may experience a black screen on their device for 5-10 minutes. Deploy Desktop Central's patch to fix this issue: Navigate to Patch Mgmt tab -> Perform Patch DB Sync -> Perform Patch Scan for Win 10 Version 1703 computers -> Choose Missing Patches -> Search for Bulletin ID MSWU-2667
SQLServer2014-KB4019091-x64.exe keeps failing to install although Windows Update says it is not needed....
Desktop Central keeps telling me my server, port-svr-cfm needs the patch SQLServer2014-KB4019091-x64.exe, however, if you do a Windows Update scan on the server itself, it is not needed. If I try to install it on the server, it keeps failing with Unknown Error. Code : -2068643838. This is causing the server to stay in a Vulnerable state, making our reports for the month wrong. Please help? Todd
Windows XP Patch Deployment Fails
I am hoping someone can help me. After my most recent patch to 10.0.91, I can't seem to deploy patches to any of my Windows XP machines. I have no problem sending patches to my Windows 7 machines, only with the XP machines. In the console it sits at ready to execute indefinitely and if I drill into the execution status it sits at yet to apply. After I deploy the patches I want, if I go to that target XP machine, there is an error message on the screen as follows: dcconfig.exe - Entry Point Not
Desktop Central in AWS
I was curious if anyone has moved their Desktop Central infrastructure over to AWS or deployed it in AWS from the start. Any drawbacks? We are exploring due to the HA it can provide, but hesitant due to the cost that my be associated because of the large amounts of data it transfers. Any info would be appreciated. Thanks!
Patch Sync Failed!
Your Patch Database is not up-to date. To synchronize your Patch Database, contact support with server logs. #242436
Windows 10 Delta patches
Hi I dont see any delta patches for August 2017 in particular this one for Windows 10 2017-08 Delta Update for Windows 10 Version 1607 for x64-based Systems (KB4034658) Thanks Andy
DC Patch update not syncing with Server Store
Hi, I have Desktop Central Build No:92038 where I used to deploy Windows and Software updates through DC console to our workstations and Servers, and everything was fine till April 2017 but since then all of sudden patches are not being synchronized with Desktop Central whereas Data Store has all updated patches till today are present. Any idea please what went wrong??
patch 22973 "SQL2014 SP2 GDR Update" keeps want to install even though our SQL is higher version
why DC keeps pushing patch that is not meant for the version of SQL2014.. when manually installing we are getting notification that our version is patched. "The SQL Server patch package is part of a general distribution release (GDR). This package cannot be applied since this SQL Server feature has already been patched. To continue, you must install higher version of the SQL Server Patch.
Win10 patching strange logic
Hi I have some investigation and see very strange logic... 1. I see machines still needs replaced patch (it's not required if I run Windows Update): 2017-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4023680) patch replaced by: Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4022715) Information from MS site: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4022715 2. Question from same URL - There are Delta Update for Windows
Optional "Critical" Updates??
Have a look at this Optional MS updates do not have the same granularity as security updates I want critical updates to be automatically deployed. I don't want to automatically deploy unrated optional updates. It would make the most sense to have each category of updates have the same granularity as "Security" updates. Does an optional "critical" update even make sense? Thanks!
Filters values are not in alphabetical order
When creating filters for patches (this is the only place ive tested so far) the value pull-down area when selected shows all the applications but are not in alphabetical order.. This makes it extremely difficult to find your application if you have thousands of applications.. Please advise..
Next Page