
Kaspersky Patchmanagement


Solved by ElvinE5

I am using the Kaspersky patch management functionality and have a few questions which are very confusing and which I do not clearly understand.

1. When will the download of the patch start?

     a. When we approve the patch, or when we initiate the task to install the patch?

2. Where will the download start?

   a. On the KSC Server or on the client system?

3. Path where updates are stored.

4. Is there any possibility we can check if download & installation is ongoing (status of tasks)?

5. Installation task shows "Copying files to the specified device..." and keeps showing this for hours, and the status of the task remains at 1%.

 

Note: Currently we are operating on approved patches only.

Kindly help so that we can effectively roll out the patches.

 

Maqsood

 

 

 


  • Solution

Good day

Do I understand correctly that we are talking about Windows updates?

I will try to explain ...

Quote

1. When will the download of the patch start?

2. Where will the download start?

3. Path where updates are stored.

1. During the start of the task of "installing updates and fixing vulnerabilities"

2. It depends on the method you have chosen.

     A. if the KSC server is configured as WSUS, then on the KSC

     B. if not, then on the client device in accordance with its settings (directly via the Internet or in WSUS located near your network)

3. if the KSC server is in the WSUS role...

Spoiler: [image]

if not - in the standard folders for Windows updates

 

36 minutes ago, Maqsood Ahmad said:

4. Is there any possibility we can check

5. Installation task shows

4. there is no special mechanism, only through the status of the task

5. it is most likely related to the boot process

 

I'll try to explain step by step... Let's assume that our KSC is configured as WSUS and we have all the necessary tasks to work ...

1. The task "Perform Windows Update synchronization" receives metadata from MS servers about all updates for the products that you have selected in the task, stores them in the database ... these are not the updates themselves, but simply data on their availability ... be careful as these metadata can take up a lot of space and your database can become very large.

2. The task "Find vulnerabilities and required updates" - during its launch, it checks the state of your devices, comparing the state with the metadata that the previous task downloaded and populates the corresponding section "Vulnerabilities" and "updates"

3. the "Install required updates and fix vulnerabilities" task runs according to a schedule, relies on these lists and runs personally on each device, tries to install the necessary updates (in your case, those that you overcame) while doing something like the following.

a. the client contacts the server to obtain the updates it needs.

b. if the updates have already been downloaded to the repository, it downloads and starts the installation.

c. if not, the "as if" task is paused and the server starts downloading updates to its storage (probably this is why the installation can show 1% for a long time), after which it gives it to the client.

 

I hope I managed to explain clearly about the update process ... and the fact that I didn’t make a mistake anywhere ? ...

 


Hi ElvinE5

Thank you for the explanation, it clears up most of the confusion. Regarding the installation task showing 1%, it's been around 24 hrs and it did not proceed further. That is why I asked if we can verify / check the status, as to whether there is any issue or not.

Currently we are blank as to what is happening or what the issue is, if any.

Tell me, if a patch has already been applied to a group of devices, will it be re-downloaded if the same patch is pushed to another group?

 

Currently KSC is used as WSUS.

 

Maqsood


15 minutes ago, Maqsood Ahmad said:

Tell me, if a patch has already been applied to a group of devices, will it be re-downloaded if the same patch is pushed to another group?

If this patch has already been downloaded to the KSC server and is still stored, you won't have to download it again from the Internet... KSC will give it back from its repository.


there may be quite a few reasons ... not to guess what it is ... try contacting support https://companyaccount.kaspersky.com

and describe your problem ... having previously collected all the necessary data from the problem machine ... https://support.kaspersky.com/corporate/before_request?topic=kes

Spoiler

To make processing of your request faster and minimize additional information requests, when creating a request:

  1. Describe the actions that caused the issue.
  2. Attach screenshots or a video to illustrate the issue.
  3. Provide the following additional information:
    1. Kaspersky Get System Info report generated on the host on which the issue occurs with the Include Windows event logs option enabled. For instructions, see this article.
    2. Kaspersky Endpoint Security event log in the EVT or EVTX format. For instructions, see this article.
    3. Export of the CFG configuration file from the affected host or export of the KLP policy, which is active on the affected host.
  4. Send a request to Kaspersky technical support through CompanyAccount.

 

Edited by ElvinE5

Hi,

Could you also help to identify reports regarding Patch Management, i.e.:

We need to generate reports, either single or multiple, which show the things below.

1. Detected vulnerabilities

2. MS software / third-party software pushed or installed.

3. Vulnerabilities fixed.

The above reports / evidence are helpful to show our management that we are doing vulnerability / patch management with Kaspersky.

Maqsood


Good day

I would recommend to start by going to the predefined reports available in KSC and see if they suit you...here...these are the ones you need (I think)

Spoiler: [image]

 

21 hours ago, Maqsood Ahmad said:

Detected vulnerabilities

Report on vulnerabilities - This report lists software vulnerabilities detected.

 

21 hours ago, Maqsood Ahmad said:

MS software / third-party software pushed or installed.

1. Report on hardware registry - This report provides information about the motherboard, CPU, RAM, and hard drives.

2. Report on installed applications - This report lists all applications installed.

 

21 hours ago, Maqsood Ahmad said:

Vulnerabilities fixed.

Report on software updates - This report provides installation statistics of software updates.

 

you can create a copy of this report (from a template) and modify it a bit to suit your needs... fields, time, device groups, etc.

Spoiler: [image]

 
