Security Basics mailing list archives

RE: GFI LanGuard patch-management ... does not work !?

From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 28 Dec 2004 08:48:20 -0800

  Technically, these are false NEGATIVES.  But Windows does also
have a problem with false positives:  patches that report as 
installed, even though they won't actually take effect until the 
box is rebooted (and perhaps sometimes not even then).

David Gillett

-----Original Message-----
From: Matt Byrne [mailto:matt.byrne () ntlworld com]
Sent: Thursday, December 23, 2004 5:53 AM
To: security-basics () securityfocus com
Subject: RE: GFI LanGuard patch-management ... does not work !?

Hamid,

I believe it is something to do with the way Windows handles patch
installation information.  Some patches on some MS operating 
systems always
come up as missing even when installed multiple times (good 
examples being
MS 03-023 and MS 03-011) this is not just a GFI issue even MS 
own tool MBSA
reports these false positives, and generally they are the 
same patches.  I
have heard that MS are re-engineering the way patches are 
recorded in the OS
to eliminate these false positives; the sooner the better!

Regards, 
Matt.

-----Original Message-----
From: Hamid . K [mailto:elite_netbios () yahoo com] 
Sent: 07 December 2004 06:03
To: security-basics () securityfocus com
Subject: GFI LanGuard patch-management ... does not work !?

Hi

Here in our domain , as a beta solution 
I tried GFI-Security scanner and it`s remote patch
installation feature .
well , seems it`s just a demo !
and what does "demo" means ?
my first scan resault was cool . it detected some
missing patches , I downloaded them to it`s repository
and finally I deployed them .
But on next schedule , I got samething !
scan resault told me same things as first
scan/deployment
and seems non of those patched are not going to be
identified/installed .
the proccess seems to be working , like transfering
patches and installation . all seems ok
but why GFI detect them as missing patches again !?

I tried all possible ways to deploy ..forcing reboot ,
unattended deployments , skipping user notifications
and etc.

any idea , why it does not work fine ?

regards
H,K

__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - Get yours free! 
http://my.yahoo.com

Current thread:

GFI LanGuard patch-management ... does not work !? Hamid . K (Dec 07)
- RE: GFI LanGuard patch-management ... does not work !? Matt Byrne (Dec 23)
  - RE: GFI LanGuard patch-management ... does not work !? David Gillett (Dec 28)