[Troubleshooting] Windows Vulnerability Patching
  

Siva Posted 23 May 2023 01:50

ES Manager shows that the endpoint requires patching (KB 5016629), but clicking Patch shows "Patching failed".

We can refer to several logs when troubleshooting vulnerability patching issues on Windows.

1. Download Log – This is the log where we can see the agent download a particular KB patch from the download server.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch\down\

2. Install Log – Here we can see the agent trying to install the downloaded .cab patch using the Windows built-in DISM tool.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch\install\

3. Patch log – This is a general log that briefly shows the combination of download and installation of the KB patch.
C:\Program Files\SF\EDR\agent\var\log\sfpatch\patch

4. DISM log – The agent installs the patch using the Windows DISM command.
C:\Windows\Logs\DISM\

5. CBS Log – This log shows all the changes made to the Windows system files.
C:\Windows\Logs\CBS\CBS.log

6. Download the patch as an (.msu) installer from the Microsoft Catalog portal in order to determine if there is an issue with the DISM install method.

7. Retrieve the installed patch details on the endpoint. (cmd > systeminfo.exe)

8. Compare the installed patch on the endpoint and the KB5016629 details as shown in Microsoft Catalog. We can see that the endpoint had already installed a newer patch (KB5026368) that replaces KB5016629.

In this scenario, the vulnerability patch can be ignored as the endpoint had already installed a newer KB patch.
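
Steps 7 and 8 above can be scripted; the following is an added example, not part of the original post or the vendor's tooling. The replacement list is an assumption: it is copied by hand from the Microsoft Catalog entry for the target KB, and `Get-PatchVerdict` is a hypothetical helper name.

```powershell
# Added example: check whether a KB that "failed" to patch is already
# installed or replaced by a newer installed update.
# Run on the endpoint in an elevated PowerShell session.

$TargetKb     = 'KB5016629'       # KB the console reports as required
$SupersededBy = @('KB5026368')    # assumption: entered by hand from the Catalog page
$DismLog      = 'C:\Windows\Logs\DISM\dism.log'

function Get-PatchVerdict {
    param(
        [string[]] $Installed,     # KB ids present on the endpoint
        [string]   $Target,        # KB being checked
        [string[]] $Replacements   # KBs that replace $Target
    )
    # -contains is case-insensitive, so 'kb5016629' and 'KB5016629' match.
    if ($Installed -contains $Target) { return 'Installed' }
    $newer = @($Replacements | Where-Object { $Installed -contains $_ })
    if ($newer.Count -gt 0) { return "Superseded by $($newer -join ', ')" }
    return 'Missing'
}

# Get-HotFix reads the Win32_QuickFixEngineering WMI class.
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
$verdict   = Get-PatchVerdict -Installed $installed -Target $TargetKb -Replacements $SupersededBy
'{0}: {1}' -f $TargetKb, $verdict

if ($verdict -eq 'Missing' -and (Test-Path $DismLog)) {
    # Neither the KB nor a replacement is present, so the failure is real:
    # show the most recent error-level lines from the DISM log.
    Select-String -Path $DismLog -Pattern ', Error ' -SimpleMatch |
        Select-Object -Last 10 |
        ForEach-Object { $_.Line }
}
```

A "Superseded by" result corresponds to the scenario in this post, where the reported vulnerability can be ignored. Get-HotFix returns only updates serviced through Component Based Servicing, which covers the KB patches discussed here.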


Newbie517762 Lv5 Posted 23 May 2023 14:22
  
Thanks for your troubleshooting guide.
Faisal Piliang Posted 23 May 2023 19:32
  
Thank you very much for the information ...
Sangfor_SY Lv1 Posted 24 May 2023 19:33
  
Very useful information, thanks for such a great guide. Appreciate it
Farina Ahmed Lv5 Posted 25 May 2023 13:34
  
Wonderful information thanks for sharing.
CLELUQMAN Lv3 Posted 06 Jun 2023 12:32
  
I vote for this article because it offers time-saving solutions for Windows vulnerability patching. The practical troubleshooting steps provided help to address patching issues. By emphasizing the importance of comparing installed patches and avoiding redundant installations, it helps save valuable time and resources.
Yong Lv1 Posted 06 Jun 2023 15:37
  
It honestly is a very detailed troubleshooting guide. I can learn the troubleshooting step by step and understand each log's purposes.
Edward Ma Lv1 Posted 06 Jun 2023 15:40
  
I wanted to take a moment to express my gratitude for the user guide you've provided. The clarity and organization of the guide are outstanding, and I genuinely appreciate the effort that went into creating it. Thank you for creating such a valuable resource!
MISMIS Lv3 Posted 07 Jun 2023 20:57
  
The article explained the steps clearly, making the configuration process a breeze.
BitCloud Lv3 Posted 07 Jun 2023 20:59
  
The guide's visuals and step-by-step instructions made troubleshooting a piece of cake.
