Jump to content
[[Template core/front/profile/profileHeader is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]]

SteveYates last won the day on October 24 2018

SteveYates had the most liked content!

Community Reputation

3 Neutral

My Information

  • Agent Count
    < 500 Agents

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Just to follow up, we had several more incidents in the past month or so where groups of PCs would switch to Defender 10 (disabled) overnight, and it resolves itself a day later. After some back and forth with support we opted to just delete the Defender 10 virus config so it won't be detected anymore. The worst was when we were rolling out an update to add features to Bitdefender a few weeks ago and maybe 50%-80% of those PCs would switch to Defender. Support's stated reason/theory was that the Defender virus def file on disk got updated to be time stamped later than Bitdefender's, but they couldn't explain why it wouldn't/couldn't detect Bitdefender until after midnight. Bitdefender checks for updates hourly but even with the time stamp changed it wouldn't detect. Maybe when the Bitdefender update installed it installed an old definition file? Symantec did that, from several months prior and always the same day so was easy to spot the false positive.
  2. You can set a "defer feature updates" time in the MS Update policy in Patch Manager to defer them seeing the FU. Note that's measured from the Availability Date at https://docs.microsoft.com/en-us/windows/release-information/. So 1809 SAC is 3/28/19 + "n" days before that PC can see 1903.
  3. Based on what I've read my general understanding is something like: the license gives you a key, which you then activate and translate to another key which you add to Windows. Then in the end supposedly the updates will just get detected by WU. https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/How-to-get-Extended-Security-Updates-for-eligible-Windows/ba-p/917807
  4. I'm not clear, if you look at the patches on the individual PC does the CU not show? Perhaps there is something blocking it like a missing SSU (servicing stack update)? Patch Manager is going to show what the PCs see so if I'm following correct you'd need to fix this on the PC level. Also, you posted this on Nov. 26 asking about the October patch...if that's when you were looking I would expect that all PCs by then would have detected the November CU by that point meaning they won't see the October CU anymore...
  5. If it helps anyone we make use of a few monitors. One to check for PCs that don't have patches more recent than "n" (60 in this case) days: computers.lastcontact > DATE_ADD(NOW(),INTERVAL -1 DAY) and computers.os like '%microsoft%' AND computers.OS NOT LIKE '%Server 2003%' AND ( SELECT COUNT(hotfix.HotFixID) FROM hotfix INNER JOIN hotfixdata ON hotfix.HotFixID=hotfixdata.HotFixID WHERE hotfix.computerid=computers.computerid AND hotfixdata.Date_Added > DATE_ADD(NOW(), INTERVAL -60 DAY) ) = 0 Another for empty patching tabs: computers.lastcontact > DATE_ADD(NOW(),INTERVAL -5 DAY) and computers.os like '%microsoft%' and (SELECT COUNT(hotfixid)<=0 FROM hotfix WHERE hotfix.computerid=computers.computerid) (note recently Win10 PCs seem to get into that state but restarting the CWA agent and resending patches fixes it) A third for PCs missing approved patches...this one was much more useful back when Win7 had 10-15 patches per month...now there are only a handful per month. We run this monthly a week or two after we release patches: computers.lastcontact > DATE_ADD(NOW(),INTERVAL -5 DAY) and computers.os like '%microsoft%' and ( SELECT COUNT(hotfixid) FROM hotfix WHERE hotfix.computerid=computers.computerid AND approved=2 AND installed=0 ) > 2 All just have a generic "computers.ComputerID NotEquals 0" type of check condition so the logic is in the conditions.
  6. They used to have a tab I think under Dashboard/Management to show server/PC counts but pulled out in earlier this year. It was kind of weirdly displayed anyway. I would probably just create searches for servers and workstations, export to Excel, and sort or select cells to let Excel count.
  7. Since I asked, we updated Friday and no notable issues yet. Had a few not process the agent upgrade (upgrade runs and doesn't upgrade) but that's pretty normal...we have a script for that.
  8. Ah, I do recall seeing those scripts at some point in the past. You'd probably have to look up that registry key. We've always done it via antivirus as both Symantec and Bitdefender had options. We only use Bitdefender now, and it has 16 options to turn off, make read only. One is "external storage" and if I select Custom in that dialog box I get 7 other options like Firewire, SD Card, and Other.
  9. It depends on your IIS version but you should be able to search for it.
  10. Not sure why it matters when the PCs check...? The option in the agent template is a start time and every "n" hours. Install options have a day (Custom for multiple days) and duration. Not sure you can set two times. Restarting happens if patching finishes inside the reboot window, so can't really delay. This might be better handled via scripts, to say install all approved updates when desired, and reboot at 3am if there is a pending reboot? And just tell them it will check for new updates every 6 hours or whatever.
  11. OK, I was assuming the .exe was in Program Files. If you can't see the exe or definition files from the remote command line via dir then it's not going to detect, i.e. that's not the right path. If you can't find someone else with it maybe ask Cisco? When we used Symantec I did contact them when they changed engines and virus definition file paths, and even if they don't know Automate they can tell you where the file is.
  12. Notes on 2019.11? Not sure if this thread being quiet means less issues in recent patches, or just less posters...
  13. How big are the files? could it be hitting a size limit in IIS?
  14. Are you thinking of the antivirus? I didn't think Automate had an option to disable USB ports. Is that in a template setting?
  15. Windows 10 build number is available in searches as "OS Version" e.g. in the "Operating Systems and Service Pack Level\OS & SP - Windows 10 Workstations" search. Since the PC is on Win10 already, by definition, it doesn't need to extract the ISO. We run Mount-DiskImage -ImagePath "@ISO@" (Get-DiskImage "@ISO@" | Get-Volume).DriveLetter The latter's %powershellresult% should hold the mounted drive letter. Then run "%powershellresult%:\setup.exe /auto upgrade /quiet". No need to dismount as it goes away upon restart. Plus warnings about the upcoming restart, and a check at the beginning to see that the PC is logged out (which we do by default each night). For the download problem set up caching in Automate at each site, even if it's a workgroup (create a user on the "server" and connect using those credentials).
  • Create New...