There may be times when there is a report of a security update being installed to a computer when it was not expected and was not supposed to be targeted.  How can you prove that it did not receive the security update from Patch Management Solution?

Patch Management Solution

N/A

There are a few places you can check to show that the endpoint did not receive the update.

• If you view the Symantec Management Agent GUI, and look under the Software Delivery tab you will notice some policies.  On the left hand side under options, if you click the box that says show expired packages you will notice that some more policies will be displayed.  Look for the security update in question to see if it's listed there.  If not, this is a good indication the computer did not receive the policy.

• Review the InstallLog.csv file located at C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent.  This CSV file contains all of the updates installed by Patch Management Solution.  If the update in question is not listed there, it's most likely the update was not installed through Patch Management Solution.

• Review the computer event viewer system Windows logs.  Look for sources like WindowsUpdateClient and check to see if the security update in question is listed there.

• Reviewing the computer's event viewer, also check the setup Windows log.  If the update is found, the command line will reference a path used by the Patch Management Solution product, such as c:\program files\altiris...

• If you do not have access to the endpoint you can use information from the SMP console.  Find the computer in question under Manage > Computers.  Right-click and choose resource manager.  Now click on Summaries and then click on Software Update Summary.  This will show you what updates have been installed on the computer.  If you do not see the security update in question listed here, it's a good indication it was not installed using Patch Management Solution.

• In addition to the above steps for the Software Update Summary, you can use the View > Events option in the resource manager.  Navigate to Computer Events > AeX SWD Execution.  From here you can expand the column for Advertisement Name and then click on the Start column so the most recent date is shown.  Look through the Advertisement Name column for the security update in question.  If you do not see it listed here it's a good chance it was not installed through Patch Management Solution.