Once an update that fixes a vulnerability becomes public knowledge, attackers specifically target unpatched devices with exploits for that vulnerability. In line with security best practice, and to limit the impact of this type of attack, it is always advisable to ensure computers are running the latest patches.
Depending on your company's policy, patches may be installed automatically as soon as they are released or reported as missing, or they may first be tested in an internal sandbox environment before deployment to the Client's devices.
However, a problem with a patch may only be discovered after it was made publicly available, for example where an issue did not manifest itself during the vendor's internal testing and was found post-release.
To help deal with this situation with Microsoft patches, we have included the option to trigger the removal of Microsoft patches directly from the Dashboard.
There are two requirements:
|•||Device is running Windows Monitoring Agent 10.2.0 (or later)|
|•||Patch is marked as uninstallable|
Once the uninstall action completes successfully, the patch's status changes to Ignored so that it is not accidentally reinstalled in the future.
When selecting multiple patches, only those that are marked as uninstallable are removed.
This dialog lists every discovered patch across your devices, and the number of entries can easily run into the tens of thousands. To simplify the management of these patches, three main filters are provided along with column options to give more targeted information.
Please note, the Uninstall option is only available on devices running Agent 10.2.0 or later where the Microsoft Patch has Yes in the Uninstallable column.
Select the Patches
Ten Patches Limit
Up to ten patches can be selected for uninstall at any one time. Where you need to remove more than ten Patches, work in batches: select the first ten, choose Uninstall, then repeat the process as often as required to remove the remaining patches.
Recommendation: Reboot after Patch Uninstall
We strongly recommend rebooting the device once the Patch uninstall process is complete to ensure all remnants of the Patch are completely removed. Rebooting also stops any of the Patch's dependencies that may have blocked its removal, allowing the uninstall to complete.
If the Patch status does not change from Installed to Ignored the next time the scan runs after the restart (the uninstall failed, or the device still requires a reboot), we suggest attempting to uninstall the patch again.
Patch Uninstall Process
After the Uninstall action is initiated the selected patch state moves to Uninstalling.
This action is immediately communicated to the Agent via the Persistent Connection (where available) or during the next scheduled 24x7 cycle.
Once the command is received, the Agent begins the uninstall process when Patch Management is inactive, i.e. it will not attempt to uninstall the patch while Patch Management is performing an action (scan, remediation or update).
We wait ten minutes after the last uninstall action completes before automatically running the Patch Status Scan and changing the Patch state to Ignored (uninstall successful) or Installed (the Patch failed to uninstall, or the device requires a reboot to complete the uninstall).
The Patch Status Scan may also be manually initiated from the Dashboard.
|1.||Login to the Dashboard|
|2.||Right-click on the target device in the north pane (or from the Server or Workstation drop-down)|
|3.||Select Patch Management|
|4.||Run Patch Status Scan|
|5.||Once actioned this command is sent to the device and the Patch Status Check scan runs|
Please be aware that the Patch Status Check scan performs an intensive analysis of the system and as such it may take some time to complete.
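As an added example (not code from this page or from the product's own Agent), the following PowerShell script reproduces by hand, on a single device, the sequence the Dashboard uninstall performs: it checks that Windows reports the patch as uninstallable, waits until Windows Update is idle, removes the patch with wusa.exe without rebooting, and, after the reboot, confirms that the KB is gone, which is the result the Patch Status Scan would otherwise report. The KB number is a placeholder, and the assumption that the Dashboard's Uninstallable column reflects the Windows Update Agent's IsUninstallable flag is the example's own; the page does not say where that column is sourced from.

```powershell
# Added example; not code from this page or from the product's Agent.
# Reproduces by hand, on one device, the sequence the Dashboard uninstall performs:
# check that Windows reports the patch as uninstallable, wait until Windows Update
# is idle, remove the patch with wusa.exe, then (after a reboot) confirm it is gone.
# Run from an elevated PowerShell session.
# $Kb is a placeholder KB number (assumption); replace it with the patch to remove.
param([string]$Kb = "3121212")

# 1. Find the update among installed updates and read its IsUninstallable flag.
#    Assumption: the Dashboard's "Uninstallable" column reflects this Windows
#    Update Agent flag; the page does not state where the column is sourced from.
$session   = New-Object -ComObject Microsoft.Update.Session
$searcher  = $session.CreateUpdateSearcher()
$installed = $searcher.Search("IsInstalled=1").Updates |
    Where-Object { @($_.KBArticleIDs) -contains $Kb }

if (-not $installed) {
    Write-Host "KB$Kb is not installed on this device; nothing to uninstall."
    return
}
if (-not ($installed | Where-Object { $_.IsUninstallable })) {
    Write-Host "KB$Kb is installed but Windows does not mark it uninstallable; the Dashboard will not offer Uninstall for it."
    return
}

# 2. Do not start while another install or uninstall is in progress. This matches
#    the Agent's rule of waiting until Patch Management is inactive.
$installer = New-Object -ComObject Microsoft.Update.Installer
if ($installer.IsBusy) {
    Write-Host "Windows Update is busy installing or uninstalling; retry later."
    return
}

# 3. Remove the patch. /quiet suppresses prompts and /norestart leaves the reboot
#    to the administrator, as recommended above.
$wusa = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
    -ArgumentList "/uninstall /kb:$Kb /quiet /norestart" -Wait -PassThru
switch ($wusa.ExitCode) {
    0       { Write-Host "KB$Kb uninstalled." }
    3010    { Write-Host "KB$Kb uninstalled; a reboot is required to complete removal (exit code 3010)." }
    2359303 { Write-Host "KB$Kb is reported as already uninstalled (WU_S_ALREADY_UNINSTALLED)." }
    default { Write-Host ("wusa.exe returned {0} (0x{0:X}); check the Setup event log before retrying." -f $wusa.ExitCode) }
}

# 4. After the reboot, verify the removal. Get-HotFix returning nothing for the KB
#    means the hotfix record is gone, so the next Patch Status Scan should show
#    Ignored rather than Installed.
function Test-KbRemoved {
    param([string]$KbNumber)
    -not (Get-HotFix -Id "KB$KbNumber" -ErrorAction SilentlyContinue)
}
if (Test-KbRemoved -KbNumber $Kb) {
    Write-Host "KB$Kb is no longer listed by Get-HotFix."
} else {
    Write-Host "KB$Kb is still listed; reboot if you have not yet done so and re-run this check, or retry the uninstall."
}
```

Exit code 3010 (ERROR_SUCCESS_REBOOT_REQUIRED) is the case the reboot recommendation above exists for: the removal is staged but not finished until the restart, and until then the Patch Status Scan will still report the patch as Installed. Note that Get-HotFix only reports updates recorded under Win32_QuickFixEngineering, so treat its result as a quick check rather than a replacement for the Dashboard's Patch Status Scan.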
Patch Management uses the Windows WSUS database to determine which Microsoft patches are missing on a device. Where a patch is superseded by a subsequent release, WSUS does not report the original patch as missing.
As a result, where an uninstalled patch has been superseded, it no longer appears in Patch Management.
For example, KB3140410 supersedes KB3121212. If KB3121212 is uninstalled from the device, it no longer appears in Patch Management; only KB3140410 is displayed.