[Troubleshooting] Windows Vulnerability Patching

Siva Posted 23 May 2023 01:50

ES Manager shows that the endpoint requires patching (KB 5016629), but when Patch is clicked it shows "Patching failed".

We can refer to several logs when troubleshooting vulnerability patching issues on Windows.

1. Download Log – This is the log where we can see the agent download a particular KB patch from the download server.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch\down\

2. Install Log – Here we can see the agent try to install the downloaded .cab patch using the Windows built-in DISM tool.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch\install\

3. Patch log – This is a general log that briefly shows the combination of download and installation of the KB patch.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch

4. DISM log – The agent installs the patch using the Windows DISM command.

5. CBS Log – This log shows all the changes made to the Windows system files.

6. Download the patch as an (.msu) installer from the Microsoft Catalog portal in order to determine if there is an issue with the DISM install method.

7. Retrieve the installed patch details on the endpoint. (cmd > systeminfo.exe)

8. Compare the installed patches on the endpoint with the KB5016629 details as shown in Microsoft Catalog. We can see the endpoint had already installed a newer patch (KB5026368) that replaces KB5016629.

In this scenario, the vulnerability patch can be ignored as the endpoint had already installed a newer KB patch.
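
The comparison in steps 7 and 8, scripted in PowerShell as an added example (not part of the original post and not vendor tooling). Assumptions: the superseding KB list is typed in by hand from the Microsoft Catalog entry, `Get-PatchVerdict` is a hypothetical helper name, and the DISM and CBS paths are the Windows defaults, which the post does not spell out.

```powershell
# Added example. KB numbers and agent log paths are the ones quoted in the post.
$FlaggedKb    = 'KB5016629'
$SupersededBy = @('KB5026368')   # filled in by hand from the Catalog entry (step 8)
$AgentLogRoot = 'C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch'

function Get-PatchVerdict {
    # Hypothetical helper: classifies the flagged KB against the installed list.
    param(
        [string]   $Flagged,
        [string[]] $Superseding,
        [string[]] $Installed
    )
    if ($Installed -contains $Flagged) { return 'Installed' }
    $newer = @($Superseding | Where-Object { $Installed -contains $_ })
    if ($newer.Count -gt 0) { return "Superseded by $($newer -join ', ')" }
    return 'Missing'
}

# Step 7 equivalent: Get-HotFix reads Win32_QuickFixEngineering.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$verdict   = Get-PatchVerdict -Flagged $FlaggedKb -Superseding $SupersededBy -Installed $installed
'{0}: {1}' -f $FlaggedKb, $verdict

# Only dig through the logs when the KB is genuinely missing.
if ($verdict -eq 'Missing') {
    # Newest file in each agent log folder (download, install, general patch log).
    foreach ($dir in "$AgentLogRoot\down", "$AgentLogRoot\install", $AgentLogRoot) {
        $latest = Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
                  Sort-Object LastWriteTime -Descending |
                  Select-Object -First 1
        if ($latest) {
            "--- $($latest.FullName)"
            Get-Content -Path $latest.FullName -Tail 20
        }
    }
    # Default Windows locations for the DISM and CBS logs (assumption, not from the post).
    foreach ($log in "$env:windir\Logs\DISM\dism.log", "$env:windir\Logs\CBS\CBS.log") {
        if (Test-Path $log) {
            "--- $log"
            Select-String -Path $log -Pattern $FlaggedKb | Select-Object -Last 10
        }
    }
}
```

A "Superseded by" result corresponds to the scenario in the post, where the failed patch can be ignored; reading `CBS.log` normally requires an elevated prompt.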

Newbie517762 Lv4 Posted 23 May 2023 14:22
Thanks for your troubleshooting guide.
Faisal Piliang Lv8 Posted 23 May 2023 19:32
Thank you very much for the information ...
Sangfor_SY Lv1 Posted 24 May 2023 19:33
Very useful information, thanks for such a great guide. Appreciate it
Farina Ahmed Lv4 Posted 25 May 2023 13:34
Wonderful information thanks for sharing.
CLELUQMAN Lv3 Posted 06 Jun 2023 12:32
I vote for this article because it offers time-saving solutions for Windows vulnerability patching. The practical troubleshooting steps provided help to address patching issues. By emphasizing the importance of comparing installed patches and avoiding redundant installations, it helps save valuable time and resources.
Yong Lv1 Posted 06 Jun 2023 15:37
It honestly is a very detailed troubleshooting guide. I can learn the troubleshooting step by step and understand each log's purposes.
Edward Ma Lv1 Posted 06 Jun 2023 15:40
I wanted to take a moment to express my gratitude for the user guide you've provided. The clarity and organization of the guide are outstanding, and I genuinely appreciate the effort that went into creating it. Thank you for creating such a valuable resource!

