Hi,
I was wondering if it would be possible to add a feature to the above reports - it would be really helpful to have the ability to filter out “missing” KBS that have been super seeded by other updates, currently it does not offer a true reflection of patching.
Can you give an example please so I can better understand?
Mechanically, we pull available updates right from each individual machine, so if the machine hasn’t been updated in a long time and an update has been superseded another update, it would no longer show in missing (unless both updates still show as present on the machine itself). In other words, we report all available updates that Windows on any given particular machine is reporting to us.
Thanks for responding Andy.
For example - KB2267602 is showing that 250 devices are missing the update, however the devices have had updates which have super seeded KB2267602. So its displaying a false positive effectively.
Can you go to any one of those endpoints for me and see if you see those updates pending on the machine?
These are the definition updates and I was confused by this previously. It appears on the done list and the needs to be done list as it is “recurring update” under the same KB number. The view records shows the previous installations.
I wondered why it was always showing up with loads to be installed on the missing KB report
The machines show the option to Install within syncro
They are not showing as pending install because they do not need be, they have had updates which superseed as des.quinn said.
We need to be able to exclude KBS that have been super seeded and potentially mark the KB that has been super seeded.
Thanks
I think it is an active update that needs to be installed. It is KB2267602 V 1.417.9.0 that was installed yesterday but KB2267602 (Version 1.417.25.0) that was outstanding to be installed. The one below is from the installed record on the endpoint I was looking at that is now not on the missing KB list as it is installed on the device.
So KB2267602 will almost never be missing from the missing KB list as there will always be offline or machines that are still to apply the daily update. It is not superseded as such and they are to be installed but the “Installed KB2267602” down below are the old ones.
KB2267602 Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.417.25.0) - Current Channel (Broad)
You can exclude today in your policies, what I am saying is that if the machine is reporting it’s an update available, we’ll report it as a missing update by design. If you believe it shouldn’t be there because it’s not pending on the machine, I’d reach out to support for sure so they can dig into it and see what’s going on. That doesn’t sound like normal behavior then.
