Hello,
We are trying to determine why the Scan Results for two separate devices would show different security states for same product & version installed ?
Product/Version
Microsoft Silverlight 5.1.50918.0
Oct 30, 2019 12:22 PM
Hi @davidle
Hypothetically, If e.g. Host A has been last scanned 4 days ago, Microsoft Silverlight has been patched 2 days ago, and you have scanned Host B today, you'd see Host A displaying the last-known state before the patching, while Host B would have had detected that the application was patched due to the scan occurring after patching it.
This is essentially why frequent scanning is so important - it ensures timely updating of all vulnerability intelligence that flows into your database and thereby gets picked by Agents on the network.
Please check this particular scenario and drop me a comment if that wasn't the case. Make sure you compiled Host and Product smart groups before looking at the data because that may also be the issue - Smart Groups haven't been compiled hence displaying old known states while Completed Scans showing "the server-side" matching of the detection - hence yielding a different result - a compilation of Smart Groups should fix that.
I hope this helps.
Oct 31, 2019 07:23 AM
Hi @RDanailov ,
I have verified that the Host & Product Smart Groups compiled this morning. However, both devices that have the Silverlight 5.1.50918.0 show two different security states.
Attached will be two different screenshots:
QJ0500046.jpg shows that scan result of a device that has Silverlight 5.x and is Insecured.
BLV800G3M4.jpg shows the same application version installed and is Secured.
- David
Oct 31, 2019 09:30 AM
Hi @davidle,
Thanks for verifying the basics so promptly. So far we have it confirmed that some of your systems failed to return information for missing KBs for the Silverlight product, while others did return this information to the SVM Agent successfully. We shall understand what caused some systems do not deliver the information - was that because they have nothing pending, or was it because of WU problems?
Please run the following in Powershell on 1-2 systems that have been identified to have Secure Silverlight version, and run the same query on 1-2 other client systems that have been identified to have Insecure one:
Gwmi -Namespace root\ccm\SoftwareUpdates\UpdatesStore -Class ccm_updatestatus | where {$_.Title -match "Silverlight"} | Select Status,Title,ProductID
The correct, expected result of this test should be:
a) The 1-2 systems that show this product as "Secure" in SVM should show Silverlight patches as "Installed"
b) The 1-2 systems that show this product as "Insecure" in SVM should show Silverlight patches as "Missing".
Was this the outcome?
PS: I made a quick edit to improve the query after I've caught that the first one wouldn't have been ideal.
Nov 01, 2019 10:02 AM - edited Nov 01, 2019 10:26 AM