Understanding Scans

From Wiki

Jump to: navigation, search

Contents

Overview

Once an analysis is displayed after scanning the network, the main interface is split into three window panes. The left window pane contains three tabs that allow you to choose how you wish to organize your results. The Hosts tab displays the machines analyzed. The Products tab displays the available platforms/products for which patches have been analyzed. The Patches tab displays the patches located or available for all selected systems.

The upper right window pane displays the content and properties of the patches according to the organization currently selected and active in the left pane. The lower right window pane displays the details about the currently selected item in the upper right pane, including links to in-depth articles about a selected patch. On the Hosts tab, the left pane displays a tree control view of your network. Click on a plus to expand a level or a minus to collapse a level. At the system level, the right pane displays information relevant to that system. On the products tab, the same information is sorted by platform, OS version, or application.

View

The View buttons control the information presented:

All - Displays all available patches; installed, not detected, having a note or alert associated, that are applicable to the selected system.
Installed - Displays all patches detected as installed on the selected system.
Missing - Displays patches that are available for, but not detected on, the selected system.
Policy - Displays systems and patches (from the active scan) according to association and compliance with a defined policy.
File:PMUSWarr.png Warning: Patch Manager is a SECURITY product. It includes security-related patch information from Microsoft, (Sun Systems, and other vendors as applicable). It does NOT include usability or functional bug fix information. Due to the importance of security in today's IT environments, Patch Manager will err in favor of providing more information in hopes of making a greater contribution to environments analyzed.


Analysis Icons

The follow icons are used in the patch analysis display:

File:PMUSInstalled.png

Installed

Patch was detected as installed.

File:PMUSPartial.png

Partial Analysis/Key Installed

The Registry key indicates that the patch has been installed, but it may have been overwritten. Further research is suggested.

File:PMUSMissing.png

Missing Patch

was not detected as installed.

File:PMUSWarrning.png

Warning

A DLL file that is part of this patch was detected at a higher version than expected. This is generally not problematic, but should prompt additional research and/or verification.

File:PMUSNote.png

Note

Patch status was not conclusively determined; includes a note with more information.

File:PMUSError.png

Error System

could not be analyzed (no access, machine down, etc.).

File:PMUSServicepack.png

Service Pack

Service pack, which is a collection of patches and hotfixes.

File:PMUSPatch.png

Patch

Patch; a piece of code that fixes, improves, or secures an existing application or operating system.

File:PMUSSsp.png

Superseded

Patch that has been superseded by a subsequent patch.

File:PMUSWp.png

Withdrawn Patch

Patch has been withdrawn. Install the recommended patch or rollback to the approved prior revision.

File:PMUSPp.png

Prerequisite Patch

Patch is required prior to installing a subsequent patch.

File:PMUSUp.png

Undetermined Patch

Patch status is undetermined; evidence of the patch installation exists, but research is suggested. Check the Ecora Notes for details.

File:PMUSUnrqp.png

Not Required Patch

Patch is not required; this fix requires that file be changed that are not present. Not applicable.

File:PMUSExcp.png

Exception

This patch cannot be pushed due to unusual circumstances, such as the fix requiring an administrative task or a patch that requires a manual install.

File:PMUSUnpush.png

Unpushable Patch

This patch cannot be pushed unless remediation settings are changed (for example, a patch that requires Single-User Mode cannot be pushed if the Allow Single-User Mode option has not been enabled in the System properties).

File:PMUSConflict.png

Conflict Patch

This patch cannot be pushed due to a conflict with an installed patch. This missing patch is mutually exclusive with a patch that's installed. If there are prerequisite requirements, Patch Manager attempts to determine them and provide the information in a pop-up.

File:PMUSNp.png

Noted Patch

Patch with an associated user note.

File:PMUSEcoranp.png

Ecora Note Patch

Patch with an associated Ecora note.

File:PMUSIgnored.png

Ignored Patch

Patch is not included in system analysis.

File:PMUSApproved.png

Approved Patch

Patch has been approved for installation or rollback by the user.

File:PMUSUnapproved.png

Unapproved Patch

Patch has not been approved for installation or rollback by the user.

File:PMUSUndercontrs.png

Under Construction

This feature has not been implemented at this time.

File:PMUSHighrisk.png

High Risk

Patch addresses an issue rated as high risk according to CIAC (Computer Incident Advisory Committee).

File:PMUSMedhigh.png

Med-High Risk

Patch addresses an issue rated as medium to high risk according to CIAC (Computer Incident Advisory Committee).

File:PMUSMed.png

Medium Risk

Patch addresses an issue rated as medium risk according to CIAC (Computer Incident Advisory Committee).

File:PMUSLow.png

Low Risk

Patch addresses an issue rated as low risk according to CIAC (Computer Incident Advisory Committee).


Notes

  • Patch Manager tests the registry and .dll file versions and checksums. Other criteria associated with a hotfix can be stored in configuration metadata that cannot be readily inspected.
  • If Patch Manager cannot irrevocably determine that a patch is installed, it does not mean that the patch is not installed, just that it can't be proven and Ecora would rather report conservatively than provide false assurance. Reinstalling a hotfix will probably not change the condition, as there are elements of the hotfix Patch Manager cannot evaluate.
  • The Warning condition appears when a DLL associated with a hotfix is discovered to be a more recent version than was delivered in the original hotfix. This can occur when a subsequent update has replaced the original. This does not necessarily mean that the hotfix was not installed; it is just that this system did not meet all criteria. Reinstalling the hotfix will probably not change the condition, as it is Microsoft's practice not to replace newer DLLs.
  • Patch Manager distinguishes unbundled and bundled (part of an OS release) Unix patches by column in the upper right pane.
  • Although it does not alter the display, OS languages other than English are detected, tracked, and correct language-OS-specific patches are downloaded and applied.
Retrieved from "http://www.ecora.com/wiki/index.php/Understanding_Scans"
Personal tools