Check for missing patches, Validating vpm patch agent installation – HP Insight Vulnerability and Patch Manager Software User Manual


This message occurs because the Microsoft information pertaining to the patch location is incorrect and the
patch cannot be downloaded. HP is working to correct the metadata at the HP/Radia website for these older
patches; however, this is ongoing maintenance. These corrections will automatically be downloaded each
time a patch acquisition is run. No updates are needed to Vulnerability and Patch Manager.

Patches appear in a scan report but are not successfully deployed

This can occur in the following situations:

A vulnerability scan has identified vulnerabilities, patches were selected for deployment based on the
scan, and one or more of the selected patches were not located in the patch repository. Generally,
some of the patches will install successfully, while others do not install for an extended time. Patches
might not be available in the patch repository because all necessary operating systems were not selected
for patch acquisition, or only some patches have been acquired.

The VPM Patch Agent has not been successfully installed on the system being patched.

A patch deployment is attempted on a system for which the patch is not applicable. Vulnerability and
Patch Manager applies patches to target systems based on the operating system characteristics and
patch vulnerabilities. For example, a patch cannot be deployed when a Red Hat patch is selected for
deployment on a Windows target system.

Check for missing patches

Be sure that a patch acquisition has been selected for all operating systems in the server environment. Different
Microsoft patches can exist for each operating system associated with an advisory. To validate if a patch
has been acquired, click the advisory link to the operating system vendor. The patches for each operating
system are listed. Check the
<VPM_installation_folder>\Radia\IntegrationServer\Data\Patch\Microsoft\<bulletin number>
directory to verify that each patch has been acquired.

Check the file
<VPM_installation_folder>\Radia\IntegrationServer\Logs\patch-acquire.log
for a history of the last patch acquisition, including any errors. Patches downloaded through HTTP might have
been acquired successfully, but those requiring FTP are failing. If this occurs, validate the proxy and firewall
settings to be sure they are configured properly to enable FTP traffic.

Validating VPM Patch Agent installation

Check the Vulnerability and Patch Manager events to see if a successful Installed VPM Patch Agent event
exists for the system to be patched. If no event is present or if a Failed VPM Patch Agent Install event exists,
select Deploy→Vulnerability and Patch Manager→VPM Patch Agent to deploy the agent.

After the VPM Patch Agent installation and patch acquisition have been verified, reinitiate the patch installation
by selecting Deploy→Vulnerability and Patch Manager→Validate Installed Patches.

Patch installation status reports are not current or do not match information that appears in scan reports

Information that appears in patch reports is obtained during the most recent patch deployment task. If this
information is not current, update the patch installation status by validating installed patches.

Other tools report that a Windows system is patched, but Vulnerability and Patch Manager reports patches needed

Many other tools read the registry to determine if a patch is installed. In many cases, when a patch installation
fails, the registry is updated while the files remain unchanged. Vulnerability and Patch Manager verifies that
both the files and registry keys have been updated.
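
The difference between a registry-only check and a registry-plus-files check can be reproduced by hand. The following PowerShell function is an added example, not HP code and not a description of how Vulnerability and Patch Manager is implemented; the function name, the registry key, the file path, and the version number are constructed placeholders to be replaced with the values from the vendor bulletin being verified.

```powershell
# Added example: report whether a patch left both its registry marker and its files.
# All values in $manifest below are constructed placeholders, not real patch data.
function Test-PatchApplied {
    param(
        [Parameter(Mandatory)] [string]    $RegistryKey,  # key the patch installer writes
        [Parameter(Mandatory)] [hashtable] $Files         # file path -> minimum expected version
    )

    # This is the only thing a registry-only tool looks at.
    $registryOk = Test-Path -LiteralPath $RegistryKey

    $stale = @()
    foreach ($path in $Files.Keys) {
        $required = [version]$Files[$path]
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $stale += "$path (missing)"
            continue
        }
        # Build the version from its numeric parts; the FileVersion string can
        # carry trailing text that does not parse as a version.
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        $actual = New-Object System.Version(
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        if ($actual -lt $required) { $stale += "$path ($actual is older than $required)" }
    }

    if ($registryOk -and $stale.Count -eq 0) {
        $state = 'Installed'
    } elseif ($registryOk) {
        $state = 'RegistryOnly'   # failed install that still wrote its registry key
    } else {
        $state = 'NotInstalled'
    }

    [pscustomobject]@{
        State              = $state
        RegistryKeyPresent = $registryOk
        StaleFiles         = $stale
    }
}

# Constructed manifest for illustration only.
$manifest = @{
    RegistryKey = 'HKLM:\SOFTWARE\Example\Patches\KB0000000'
    Files       = @{ "$env:SystemRoot\System32\example.dll" = '1.2.3.4' }
}
Test-PatchApplied @manifest
```

A result of `RegistryOnly` is the case described above: a tool that reads only the registry reports the system as patched, while the files on disk are still the unpatched versions.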

Patch source for vendor patches is Microsoft or Red Hat

To determine patch applicability, Vulnerability and Patch Manager might enhance patch detection criteria
to be more precise than vendor information. These patches appear with an asterisk in the Patch Source
column.
