Open-AudIT
https://www.open-audit.org/phpBB3/

Software vs Updates
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5853

Author:  jon [ Wed Mar 28, 2012 2:27 am ]
Post subject:  Software vs Updates

Is there any pattern or logic to whether something is reported as software or an update?

I noticed a few things being listed in the device report as software updates which should be reported as installed software: Apple Software Update, Google Update Helper, Java Auto Updater, Java SE (reported as Java x Update xx).

The software I've listed does show up on the installed software report though, which is confusing.

Author:  jpa [ Wed Mar 28, 2012 4:53 am ]
Post subject:  Re: Software vs Updates

Without having looked at the actual code I think it determines something is an "update" because it has "update" in the name.

Author:  jpa [ Wed Mar 28, 2012 5:03 am ]
Post subject:  Re: Software vs Updates

Having looked at the code it deems anything with the following strings in the software name an update: update, hotfix, KB.

Author:  Mark [ Wed Mar 28, 2012 6:52 am ]
Post subject:  Re: Software vs Updates

JPA is correct. In addition, when the audit script runs it queries Win32_QuickFixEngineering. Everything returned from there is classed as an update.

I could add exclusions for certain strings easy enough if you list them here for any you find that are not actually updates...

Author:  jon [ Wed Mar 28, 2012 7:09 am ]
Post subject:  Re: Software vs Updates

Looking at the scan results I've had so far (about 20 PCs at one customer site) I'd say the logic could be simplified to pattern matching 'KB' followed by 6 or 7 numeric digits. I can only see one case where that logic would fail and it looks like that is a patch Microsoft missed the KB off from (shows as 982861).

Is there a simple way for me to see what is matched by the Win32_QuickFixEngineering check?

Author:  Mark [ Wed Mar 28, 2012 9:43 pm ]
Post subject:  Re: Software vs Updates

This is how it works...

The audit script runs and any Vista/7/2008 machine enumerates the Win32_QuickFixEngineering WMI section. This resultset is manually commented thus - <software_comment>update</software_comment>. XP, 2000, etc. do not contain this WMI and hence do not have any audit results that contain the comment of "update". The application processes the result set and if a package in the software contains "update", "hotfix" or "KB" in its name then it has "update" inserted into its comment field. When displaying updates on a system page, it simply selects those installed packages with "update" in the comment field.

I can hard code the exceptions into the processing of the audit result if you like. Or I could simply not look for those strings when processing the audit result and assume 2000 and XP are dying - but in reality a LOT of these are still in use.

Thoughts?

Author:  jon [ Thu Mar 29, 2012 7:34 am ]
Post subject:  Re: Software vs Updates

XP might be dying but it will be some time before it's gone - think you have to support XP and 2003 as a minimum. In which case, for the moment it might be best to hard code the exceptions I've found (above) and add any others as they are reported?

Maybe something to consider for the future is removing this from the code and having it in the database instead, so users can manipulate it as they see fit via a web form and updates can be pushed out without a code change.

Same for the reports. The anti-virus report misses a couple I've detected (Microsoft and Trend); adding them all to the report code will get very boring very quickly and lead to an ever-growing query. Having an easy way of adding to these lists which then get referenced by the query would be a lot better.

Though as I said, something for the future.
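
The three classification rules discussed in this thread, compared side by side. This is an added Python example, not Open-AudIT's own code: the function names, the case-insensitive matching and the sample inventory (including the placeholder KB numbers and the BlackBerry row) are assumptions made for illustration.

```python
import re

# Substrings the thread says mark a package as an update.
# Case-insensitive matching is an assumption.
MARKERS = ("update", "hotfix", "kb")
# Packages the thread reports as wrongly classed ("Java x Update xx" as a pattern).
EXCEPTIONS = re.compile(
    r"^(apple software update|google update helper|java auto updater"
    r"|java \d+ update \d+)$", re.IGNORECASE)
# Proposal from the thread: "KB" followed by 6 or 7 digits, not inside a longer token.
KB_ID = re.compile(r"(?<![A-Za-z0-9])KB\d{6,7}(?!\d)", re.IGNORECASE)


def current_rule(name, from_qfe=False):
    """Rule as described: QFE rows, or a marker substring in the name."""
    return from_qfe or any(m in name.lower() for m in MARKERS)


def with_exceptions(name, from_qfe=False):
    """Current rule plus the hard-coded exceptions discussed in the thread."""
    return from_qfe or (current_rule(name) and not EXCEPTIONS.match(name))


def kb_rule(name, from_qfe=False):
    """QFE rows, or a KB identifier in the name."""
    return from_qfe or KB_ID.search(name) is not None


def updates(inventory, rule):
    """Names that `rule` would list as updates."""
    return [name for name, from_qfe in inventory if rule(name, from_qfe)]


# Constructed inventory: (package name, came from Win32_QuickFixEngineering).
# KB numbers are placeholders; "982861" is the KB-less entry from the thread.
SAMPLE = [
    ("Apple Software Update", False),
    ("Google Update Helper", False),
    ("Java Auto Updater", False),
    ("Java 6 Update 31", False),
    ("BlackBerry Desktop Software", False),   # contains "kb" by accident
    ("Security Update for Windows XP (KB1234567)", False),
    ("Hotfix for Windows XP (KB123456)", False),
    ("982861", False),                        # assumed not to come from QFE
    ("KB7654321", True),                      # Vista/7/2008 QFE row
]

if __name__ == "__main__":
    for rule in (current_rule, with_exceptions, kb_rule):
        print(f"{rule.__name__:16} {updates(SAMPLE, rule)}")
```

The exception list removes the four named false positives but still flags the accidental "kb" match, while the KB pattern drops all five. Neither name-based rule catches "982861" unless the row comes from Win32_QuickFixEngineering, which matters when the update list is used to judge patch status.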

All times are UTC + 10 hours