1 2 Previous Next 17 Replies Latest reply on Mar 23, 2015 11:28 AM by Jim Wilson

    Analysis Options

    Jegavelan Sargunan

      Hello,

       

          What is the difference between these two analysis one  by selecting group with security option alone and next create a smart have the same options by selecting the list. I  see huge difference in the results

       

       

        • 1. Re: Analysis Options
          Bill Robinson

          what filters are you including in the catalog?  are there patches from other products included in the 'security patches' result that are not from microsoft products ?

          • 2. Re: Analysis Options
            Jim Wilson

            Do you mean the results of the Patch Analysis Job?

            A key difference is that using an Includes list causes all supersedence to be ignored... 

            • 3. Re: Analysis Options
              Jegavelan Sargunan

              Its Just for IE

              • 4. Re: Analysis Options
                Jegavelan Sargunan

                Its in reverse so why i opened this thread, I get around 2000 missing patches for 1000 servers in group , but in the list i get around 8000 patches. If the list ignore supersede patches then it should be less than 2000 for the list

                • 5. Re: Analysis Options
                  Rajeev Gupta

                  For first case, it checked in Shavlik and provides the output.

                  For second, this checks for the kb number which you have input.

                   

                  Now, It could be that the server does not have those softwares/roles installed and hence not needed when done against shavlik. On the other hand, in the list there might be some patches which do not match the features and hence it shows more.

                  • 6. Re: Analysis Options
                    Jim Wilson

                    Jega Velan wrote:

                     

                    Its in reverse so why i opened this thread, I get around 2000 missing patches for 1000 servers in group , but in the list i get around 8000 patches. If the list ignore supersede patches then it should be less than 2000 for the list

                    If you specify an Includes list, the Analysis will test every patch in the list.

                    If you don't specify an includes list supersedence rules will be applied

                    • 7. Re: Analysis Options
                      Jegavelan Sargunan

                      Let me explain better first

                       

                      I ran two audit jobs for IE patches

                       

                      First Jobs Options and Result

                       

                      Second Job Options and Results

                      2015-03-11_5-17-47.png

                       

                      2015-03-11_5-25-40.png

                       

                       

                       

                       

                      Even though i excluded some x number days patches in the scan, I get a huge difference on missing patches

                      • 8. Re: Analysis Options
                        Jim Wilson

                        Installed Hotfixes

                        In the Group method, the higher number of Installed HotFixes is because the detection is able to to use the supersedence data to determine "Installed" and "Effectively Installed" hotfixes.   

                         

                        Missing Hotfixes

                        In the Group method, the lower number of Missing HotFixes is because the detection is able to use the supersedence data, and only actually select the latest as missing. 

                         

                        Additional Data

                        When you install a single patch that replaces (supersedes) other patches, the patches that were not installed but that have been replaced by the newer patch are considered effectively installed since you have at least the expected file version or greater for each of the files.

                         

                        For example, suppose you install a new Windows machine and then install a patch that replaces 20 earlier patches. While you've only 'installed' one patch, you've effectively installed 20 other patches.

                          

                        When you use an Includes list, which ignores supersedence, the same scenario would test all 21 patches, and potentially mark them all as missing.

                         

                        Note that per your results above, the Group method will bring the target up to date by installing only a quarter of the number of hotfixes that the "manual" method has selected.  This is a massive saving!! 

                         

                        I would recommend that you use Group method

                        • 9. Re: Analysis Options
                          Jegavelan Sargunan

                          Thanks for your answer, Just wanted to know this will  work or not,  just like a group but not the entire group is selected cos i need to add the exclusion

                           

                          2015-03-11_9-53-48.png

                          • 10. Re: Analysis Options
                            Jim Wilson

                            Having an exclude does not cause supersedence to be ignored.

                            You can use Group option and add exclusions

                             

                            If you really want to use an includes Smart Group, add a condition so that you don't process superseded hotfixes

                             

                            Any HotFix Where ??PATCH_TYPE*?? equals Microsoft Security Patch   AND

                            Any HotFix Where ??SUPERSEDED_BY*?? equals Null 

                            • 11. Re: Analysis Options
                              Jegavelan Sargunan

                              Thanks for the information, I wanted to know what is the exact syntax for null

                               

                              Any HotFix Where ??SUPERSEDED_BY*?? equals Null  has a drop down with list of suppressed there is no value null in the drop down do i need select each into the rule ?

                              • 12. Re: Analysis Options
                                Jegavelan Sargunan

                                How does it works any answer i dont see the Null options if i select ??SUPERSEDED_BY*??

                                Any HotFix Where ??SUPERSEDED_BY*?? equals Null  

                                • 13. Re: Analysis Options
                                  Jim Wilson

                                  Don't enter anything:

                                  Screenshot - 18_03_2015 , 08_54_54.png

                                  Click the green/white check mark and:

                                  Screenshot - 18_03_2015 , 08_55_08.png


                                  • 14. Re: Analysis Options
                                    Jegavelan Sargunan

                                    Is this logic correct for the irrelevant patches

                                     

                                    2015-03-18_10-26-03.png

                                     

                                    If i try to recreate the same logic in a new smart group removing present irrelevant patches smart group i get this error

                                     

                                    1 2 Previous Next