We have security issues with the current 3rd-party patch update situation via Syncro/Chocolatey (free version).
Our MS Intune/MS Defender indicates a lot of vulnerabilities regarding installed applications (mostly on endpoints so far).
I’ll attach an example (just 1 not to overload you but we have multiple occasions like 5-10% of our 2000+ assets).
My question is that since Chocolatey (free version) only updates software that was installed thru it, how does Syncro identify the installed 3rd-party apps on any device using Chocolatey to update?
I mean about the “UPDATE IF PRESENT” column of https://itforum.syncromsp.com/application_management_policies.
The example attached is showing that Adobe Reader is set in the policy to get updated if present but on the device it’s having a 2017 version installed and not updating.
Hey Dve, I am not 100% positive here, but I’m betting the issue is because of the fact that it’s version xi. If you selected the option to Install and Update, I’m almost certain you would get a second version, the current Adobe Reader DC installed and that would stay updated.
I’d also be willing to bet if you had a semi current DC version already installed, it would pick it up and update it to the latest. Mine does.
I don’t think actual complete version changes count as just updates, but I’m not sure. Hopefully a Syncro person can chime in and give clarification.
I think you’re right. You can try running chocolatey manually on an XI machine to verify. Also if you have any Adobe Readers that are not the MUI version, Chocolatey can’t update those at all. I made a script to fix those by removing the non-MUI version and installing MUI. You could modify the script to remove XI also if you wanted: Task - Remove Adobe Reader and Reinstall MUI Version - Pastebin.com
Syncro support replied privately to me:
“In your screenshot the user has XI MUI installed- I don’t believe this one was installed or updated by chocolatey because it’s not included in the list of available updates.” so mgiordano you were right.
But I still don’t know how the “update if present” works in 3rd-party app updates of Syncro…
So, let’s say you install Adobe Reader DC MUI manually on a machine, or say Chrome. You later install Syncro agent and you select Update if Present to these 2 packages. Syncro will see these on the machine, and since they are on the support list, they will now be updated by Syncro when updates are available in the Chocolatey repo.
Yes, that’s what we expected to work with. (and also experienced as we take over customers who have 100+ endpoints most of the time)…