[Troubleshooting] Windows Vulnerability Patching
  

Siva Posted 23 May 2023 01:50

ES Manager shows that the endpoint requires patching (KB 5016629), but when Patch is clicked it shows "Patching failed".

We can refer to several logs when troubleshooting vulnerability patching issues on Windows.

1. Download Log – This is the log where we can see the agent download the particular KB patch from the download server.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch\down\

2. Install Log – Here we can see the agent try to install the downloaded .cab patch using the Windows built-in DISM tool.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch\install\

3. Patch log – This is a general log that briefly shows the combination of download and installation of the KB patch.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch

4. DISM log – The agent installs the patch using the Windows DISM command.
C:\Windows\Logs\DISM\

5. CBS Log – This log shows all the changes made to the Windows system files.
C:\Windows\Logs\CBS\CBS.log

6. Download the patch as an (.msu) installer from the Microsoft Catalog portal in order to determine if there is an issue with the DISM install method.

7. Retrieve the installed patch details on the endpoint. (cmd > systeminfo.exe)

8. Compare the installed patches on the endpoint with the KB5016629 details as shown in Microsoft Catalog. We can see that the endpoint had already installed a newer patch (KB5026368) that replaces KB5016629.

In this scenario, the vulnerability patch can be ignored as the endpoint had already installed a newer KB patch.
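The comparison in steps 7 and 8 can be scripted on the endpoint. The following PowerShell is an added example, not part of the original post or the vendor's tooling; the `Get-PatchVerdict` helper is hypothetical, and the superseding-KB list is assumed to be copied by hand from the Microsoft Catalog entry for the target KB.

```powershell
# Added example (not vendor code). KB numbers and log paths are the ones from the post.
param(
    [string]$TargetKb = 'KB5016629',
    # Assumption: filled in manually from the "replaced by" list in Microsoft Catalog.
    [string[]]$SupersededBy = @('KB5026368'),
    # Defaults to the live endpoint; pass a list to evaluate an exported inventory.
    [string[]]$InstalledKbs = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
)

# Hypothetical helper: classify the target KB against the installed list.
function Get-PatchVerdict {
    param([string]$TargetKb, [string[]]$SupersededBy, [string[]]$InstalledKbs)
    if ($InstalledKbs -contains $TargetKb) { return 'Installed' }
    $newer = @($SupersededBy | Where-Object { $InstalledKbs -contains $_ })
    if ($newer.Count -gt 0) { return 'Superseded by ' + ($newer -join ', ') }
    return 'Missing'
}

$verdict = Get-PatchVerdict -TargetKb $TargetKb -SupersededBy $SupersededBy -InstalledKbs $InstalledKbs
'{0} on {1}: {2}' -f $TargetKb, $env:COMPUTERNAME, $verdict

# Only a genuinely missing patch needs the logs from steps 1 to 5.
if ($verdict -eq 'Missing') {
    $logPaths = @(
        'C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch',  # includes down\ and install\
        'C:\Windows\Logs\DISM',
        'C:\Windows\Logs\CBS\CBS.log'
    )
    foreach ($path in $logPaths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # Show the last few lines in each location that mention the KB.
        Get-ChildItem -LiteralPath $path -Recurse -File -ErrorAction SilentlyContinue |
            Select-String -Pattern $TargetKb -SimpleMatch |
            Select-Object -Last 5 -Property Path, LineNumber, Line
    }
}
```

A "Superseded by" result corresponds to the scenario above, where the failed patch task can be ignored. Run it from an elevated prompt so the CBS and DISM logs are readable.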


Leah28 Posted 11 Jun 2023 12:43
  

The article went beyond expectations by including detailed examples and practical applications.
Tree Bee Lv1 Posted 11 Jun 2023 12:39
  
This troubleshooting guide deserves applause! It addressed all my issues and offered effective solutions that resolved them promptly.
Quennie Hintaro Posted 11 Jun 2023 12:36
  
The article's inclusion of detailed examples and real-world use cases showcased the function's versatility and inspired me to explore innovative applications.
Jigen87 Lv3 Posted 11 Jun 2023 12:31
  
Thanks to this troubleshooting guide, I overcame my hurdles with ease.
soneosansan Lv3 Posted 11 Jun 2023 12:29
  
The article's clear and concise language made it a joy to read.
Prilipo Lipi Posted 11 Jun 2023 12:26
  
This function experience article opened up a world of possibilities. It enriched my understanding and empowered me to leverage the function's full potential.
MarioC Lv2 Posted 07 Jun 2023 21:52
  
The article's extensive coverage, including detailed examples and real-world applications, showcased the function's versatility and empowered me to explore new possibilities.
Tonybe Lv2 Posted 07 Jun 2023 21:49
  
The article was a pleasure to read, thanks to its clear and concise language. It simplified complex troubleshooting procedures, making them accessible to all.
Janong Lv2 Posted 07 Jun 2023 21:45
  
The inclusion of detailed screenshots for each configuration step was a game-changer. They provided visual cues that helped me execute the setup flawlessly.
Rizmae Lv2 Posted 07 Jun 2023 21:40
  
This article went the extra mile by providing in-depth examples, use cases, and best practices. It left me feeling confident and empowered to utilize the function to its fullest.
