Already installed Windows updates reported as missing

[Torp]

Hi,

I have an issue with my KSC. I don’t use Kaspersky for Windows patch management, I use MS WSUS, but Kaspersky checks if critical updates are instaled, like cumulatives. But even Windows 10 on PCs is fully up to date including all critical updates, in KSC console, those PCs are reported and Kaspersky says cumulative updates are missing. Do you know how to fix it? Do you have some experience with that issue. I tried google and some forums, but without luck.

Thanks

[alexcad]

Can you please describe the problem in more detail? (Screenshot)
You can usually just ignore the report if you are not using this function.

Regards
Alex

[Torp]

It is not about using function. It is not realted. Kaspersky is looking for vulnerabilities on every computer. I cannot ignore it. For some computers it reports missing patches as in attached image below. But those pathes are already installed on end devices. I checked it several times. But KSC keeps say the same. I have about 400 devices in my KSC and this issue have approx. 100 of them.

 

 

[alexcad]

1.) The task “Find vulnerabilities and required updates” updates the database-information about vulnerabilities on the systems. If there is no such task present or scheduled, the information is probably out of date.

2.) WSUS only reports the patch-installation. Whether the vulnerability has been closed or is still closed is not verified. 

My recommendation: trust Kaspersky and not WSUS.

Regards
Alex

 

[Torp]

Thank you for your recommendation Alex,

I don’t trust WSUS. I have checked installed updates on machines physicaly in Windows Update settings card and if there is required KB installed. And it is. So because of that I don’t undertand why KSC still see those updates (1909) not applied even Windows are updated to version 2004 already.

 

Any other idea? I will try to remove device from Kaspersky and then will let it to register again without previous history and will see.

[alexcad]

“Find vulnerabilities and required updates” -task is present and running according to the schedule?

Regards
Alex

[Torp]

Yes, it is present and running every day according to the schedule.

[Torp]

I can see, that issue for all computers are only Microsoft KB4507469 and KB4507419.

These updates are for version 1809, but all PCs are upgraded to 1909 or 2004. Kapersky reports this as missing, but it is already overwritten by newer version of Windows.

In the end of the day, it is false positive vulneralibity and it distorts statistics and total overview. I would like to see only real issues.

[alexcad]

Then it's best to contact support

https://companyaccount.kaspersky.com/account/login

 

Regards
Alex

[Torp]

I’ll try. Thank you

 

Regards

Jan

[alexcad]

Feedback is welcome.

 

Regards
Alex