Open-AudIT

What's on your network?
It is currently Thu Apr 26, 2018 11:43 pm

All times are UTC + 10 hours




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Software vs Updates
PostPosted: Wed Mar 28, 2012 2:27 am 
Offline
Newbie

Joined: Tue Mar 27, 2012 2:29 am
Posts: 3
Is there any pattern or logic to whether something is reported as software or an update?

I noticed a few things being listed in the device report as software updates which should be reported as installed software; Apple Software Update, Google Update Helper, Java Auto Updater, Jave SE (reported as Java x Update xx).

The software I've listed does show up on the installed software report though, which is confusing.


Top
 Profile  
Reply with quote  
 Post subject: Re: Software vs Updates
PostPosted: Wed Mar 28, 2012 4:53 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Without having looked at the actual code I think it determines something is an "update" because it has "update" in the name.


Top
 Profile  
Reply with quote  
 Post subject: Re: Software vs Updates
PostPosted: Wed Mar 28, 2012 5:03 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
Having looked at the code it deems anything with the following strings in the software name an update: update, hotfix, KB.


Top
 Profile  
Reply with quote  
 Post subject: Re: Software vs Updates
PostPosted: Wed Mar 28, 2012 6:52 am 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
JPA is correct. In addition, when the audit script runs it queries Win32_QuickFixEngineering. Everything returned from there is classed as an update.

I could add exclusions for certain strings easy enough if you list them here for any you find that are not actually updates...

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: Software vs Updates
PostPosted: Wed Mar 28, 2012 7:09 am 
Offline
Newbie

Joined: Tue Mar 27, 2012 2:29 am
Posts: 3
Looking at the scan results I've had so far (about 20 PC's at one customer site) I'd say the logic could be simplified to pattern matching 'KB' followed by 6 or 7 numeric digits. I can only see one case where that logic would fail and it looks like that is a patch Microsoft missed the KB off from (shows as 982861).

Is there a simple way for me to see what is matched by the Win32_QuickFixEngineering check?


Top
 Profile  
Reply with quote  
 Post subject: Re: Software vs Updates
PostPosted: Wed Mar 28, 2012 9:43 pm 
Offline
Site Admin
User avatar

Joined: Mon Jun 07, 2004 11:48 am
Posts: 1944
Location: Brisbane, Australia
This is how it works...

The audit script runs and any Vista/7/2008 machine enumerates the Win32QuickFixEngineering WMI section. This resultset is manually commented thus -<software_comment>update</software_comment>. XP, 2000, etc do not contain this WMI and hence do not have any audit results that contain the comment of "update". The application processes the result set and if a package in the software contains "update", "hotfix" or "KB" in its name then it has "update" inserted into its comment field. When displaying updates on a system page, it simply selects those installed packages with "update" in the comment field.

I can hard code the exceptions into the processing of the audit result if you like. Or I could simply not look for those strings when processing the audit result and assume 2000 and XP are dying - but in reality a LOT of these are still in use.

Thoughts?

_________________
Support and Development hours available from Opmantek.
Please consider a purchase to help make Open-AudIT better for everyone.


Top
 Profile  
Reply with quote  
 Post subject: Re: Software vs Updates
PostPosted: Thu Mar 29, 2012 7:34 am 
Offline
Newbie

Joined: Tue Mar 27, 2012 2:29 am
Posts: 3
XP might be dying but it will be some time before it's gone - think you have to support XP and 2003 as a minimum. In which case, for the moment it might be best to hard code the exceptions I've found (above) and add any others as they are reported?

Maybe something to consider for the future is removing this from the code and having it in the database instead, so users can manipulate it as they see fit via a web form and updates can be pushed out without a code change.

Same for the reports. The anti-virus report misses a couple I've detected (Microsoft and Trend), adding them all to the report code will get very boring very quickly and lead to an ever growing query. Having an easy way of adding to these lists which then get referenced by the query would be a lot better.

Though as I said, something for the future.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group