Host Integrity Patch requirement check fails on some Microsoft monthly rollup hotfixes.

Article ID: 169525

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection's (SEP) Host Integrity feature can check for an installed Microsoft patch or hotfix by KB number. However, there are instances in which the Host Integrity check fails even though the patch is listed as installed in the 'Installed Updates' Control Panel interface.

The SEP Security Log shows "Host Integrity check failed" entries for Patch requirements. For example:

Host Integrity check failed
  Requirement: "Patch requirement  - KB3207752" failed
  Requirement: "Patch requirement  - KB3181988" passed

Cause

Host Integrity uses a Windows Management Instrumentation (WMI) query to get the list of installed Microsoft patches and hotfixes. That query reads the Win32_QuickFixEngineering class. According to Microsoft, this class "returns only the updates supplied by Component Based Servicing (CBS). These updates are not listed in the registry. Updates supplied by Microsoft Windows Installer (MSI) or the Windows update site (http://update.microsoft.com) are not returned by Win32_QuickFixEngineering".
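
To confirm on an affected client that a failing requirement is caused by this visibility gap and not by a missing patch, the following PowerShell compares Win32_QuickFixEngineering with the Windows Update Agent history for the KB numbers from the log excerpt above. It is an added diagnostic example, not Symantec's code; using the Windows Update Agent COM API as the second source is an assumption of this example.

```powershell
# Added example: compare the WMI view that Host Integrity relies on with the
# Windows Update Agent (WUA) history. KB numbers are from the log excerpt above.
$kbs = 'KB3207752', 'KB3181988'

# 1. What Win32_QuickFixEngineering returns (CBS-supplied updates only).
$qfeIds = @(Get-CimInstance -ClassName Win32_QuickFixEngineering |
    Select-Object -ExpandProperty HotFixID)

# 2. WUA history, which records updates installed through Windows Update.
#    History can be cleared, so an empty result here is not proof of absence.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { @($searcher.QueryHistory(0, $total)) } else { @() }

$report = foreach ($kb in $kbs) {
    # Operation 1 = installation, ResultCode 2 = succeeded.
    $wuaHit = $history |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 -and
                       $_.Title -match "\b$kb\b" } |
        Sort-Object Date -Descending |
        Select-Object -First 1

    $inQfe = $qfeIds -contains $kb
    $assessment = 'No evidence of installation in either source'
    if ($inQfe) {
        $assessment = 'Returned by Win32_QuickFixEngineering'
    } elseif ($wuaHit) {
        $assessment = 'Installed per WUA history, not returned by Win32_QuickFixEngineering'
    }

    [pscustomobject]@{
        KB                    = $kb
        InQuickFixEngineering = $inQfe
        InUpdateHistory       = [bool]$wuaHit
        InstalledOnUtc        = if ($wuaHit) { $wuaHit.Date } else { $null }
        Assessment            = $assessment
    }
}

$report | Format-Table -AutoSize
```

A KB reported as installed per WUA history but absent from Win32_QuickFixEngineering matches the cause described here; a KB absent from both sources should be treated as genuinely unpatched until shown otherwise.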

Environment

Microsoft Windows

Resolution
