AhmedSaied_2402
Apr 10, 2018

How does APM calculate critical missing Windows updates

Hello,

 

In APM, it can check for a Windows update name like KB3170455. It can also perform another check from patch management on Microsoft Windows Update Agent, which shows missing patches, for example the following:

 

Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.missing_updates' set to '11'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.name' set to 'Microsoft Windows Update Agent'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.state' set to '0'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.vendor_id' set to '6'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.vendor_name' set to 'Microsoft Corp.'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.version' set to '7.6.7601.23806'

 

I want to know how APM knows about missing patches. Does it check using the epsec package we upload in System ›› Software Management Antivirus ›› Check Updates, or does it use another method?
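The session-variable lines quoted in the post above can be grouped per session and per item to list which clients reported missing updates. This is an added example, not part of the original post and not F5 code: the function names are hypothetical, the second session in the sample is constructed, and it only reads what the log states without inferring how APM arrives at the count.

```python
import re
from collections import defaultdict

# Sample input: first session copied from the post, second session constructed.
SAMPLE_LOG = """\
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.missing_updates' set to '11'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.name' set to 'Microsoft Windows Update Agent'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.state' set to '0'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.vendor_id' set to '6'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.vendor_name' set to 'Microsoft Corp.'
Apr 11 17:10:47 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:e886ad3b: Session variable 'session.check_software.last.pm.item_1.version' set to '7.6.7601.23806'
Apr 11 17:12:03 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:0a1b2c3d: Session variable 'session.check_software.last.pm.item_1.missing_updates' set to '0'
Apr 11 17:12:03 F51 info apmd[5337]: 01490007:6: /Common/Access-Profile:Common:0a1b2c3d: Session variable 'session.check_software.last.pm.item_1.name' set to 'Microsoft Windows Update Agent'
"""

# apmd "Session variable ... set to ..." message (ID 01490007), as quoted in the post.
LINE_RE = re.compile(
    r"apmd\[\d+\]: 01490007:\d+: (?P<profile>[^:\s]+):(?P<partition>[^:\s]+):"
    r"(?P<sid>[0-9a-f]{8}): Session variable '(?P<name>[^']+)' set to '(?P<value>[^']*)'"
)
# Variable name layout seen in the post: session.check_software.last.<kind>.item_<n>.<field>
ITEM_RE = re.compile(
    r"^session\.check_software\.last\.(?P<kind>\w+)\.item_(?P<idx>\d+)\.(?P<field>\w+)$"
)

def parse_items(log_text):
    """Group check_software variables by (session id, check kind, item index)."""
    items = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        v = ITEM_RE.match(m["name"]) if m else None
        if v:  # ignore unrelated log lines and other session variables
            items[(m["sid"], v["kind"], int(v["idx"]))][v["field"]] = m["value"]
    return dict(items)

def missing_update_report(log_text):
    """Return (session, product, version, count) for pm items with missing updates."""
    report = []
    for (sid, kind, _idx), fields in sorted(parse_items(log_text).items()):
        raw = fields.get("missing_updates", "")
        if kind != "pm" or not raw.isdigit():
            continue  # not a patch-management item, or no numeric count logged
        if int(raw) > 0:
            report.append((sid, fields.get("name", "?"), fields.get("version", "?"), int(raw)))
    return report

if __name__ == "__main__":
    for row in missing_update_report(SAMPLE_LOG):
        print(row)
```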

 

1 Reply

  • Hi!

    That is exactly the question I am wondering about. Does anybody know the answer? I would really appreciate your help.

    I have already analysed a client PC with the OESISDiagnose tool from the epsec-1.0.0-936.0 image, collected APM session variables and analyzed WAAPI error codes from https://github.com/opswatgears/innovation2014_topic2_1/blob/master/Mac/Source/ProcessMonitor/ProcessMonitor/wa_api_error_codes.h because there are such errors in Mac user session variables. But I still have no idea how exactly f5epi checks the client OS. Is it over some API calls? Is everything collected from the embedded software update subsystems? From the logs it looks like f5epi just receives some kind of response from the system update managers: Windows Update Agent (Win), Advanced Packaging Tool (Linux), Software Update (Mac)