
Patch Assessment gets it wrong?

How does Sophos Patch Assessment (SPA) decide which patches are actually needed by a device?

We usually rely on WSUS to push out Microsoft updates. When SPA told us there were a bunch of Microsoft updates still required by our PCs we took it at its word and have been rolling them out manually. Still no idea why WSUS should have missed them though :^\

On the other hand there's a Microsoft update that SPA claims a bunch of our PCs need - but Windows Update says this particular update isn't needed by those PCs - why should that be? o_O

:55139


This thread was automatically locked due to age.
  • Hi there,

    Sophos Patch cannot tell you whether or not a patch is required; rather, it informs you which patches are missing. The decision to patch or not is entirely down to you.

    WSUS is configured by yourself and again the decision to deploy patches is taken locally, although you can pre-authorize certain patches and updates in WSUS, thereby reducing the administrative burden placed on local staff.

    Regards.

    :55166
  • So...

    Sophos Patch Assessment tells us that lots of our PCs have certain Microsoft updates missing.

    WSUS doesn't think those PCs need those updates - nor does Microsoft / Windows update online.

    My best guess here is that Microsoft's own update tools recognise that those updates aren't needed because they've been superseded by newer patches? And that Sophos Patch Assessment isn't able to ascertain this fact?

    :55269
  • Hi there,

    That would be correct. Although Sophos Patch does list which patch has been superseded by which.

    Capture-1.jpg

    Sophos Patch can only tell you what patches are missing. This is useful for audit purposes. However, if you have a working WSUS there isn't any real need for Sophos Patch.

    Regards.

    :55286
  • That's useful information - hadn't noticed the Superseded by column - doh! Really should open my eyes! :smileyembarrassed:

    I'm inclined to think that Sophos Patch is still useful though - given that we've plenty of non-Microsoft software that obviously WSUS doesn't handle.

    :55291
  • Hmmm.... a number of Microsoft updates listed by Sophos Patch as missing have nothing in the Superseded column.

    :55294
  • Hi there,

    If you believe some patches, which have been superseded, are not flagged correctly you should raise this with Sophos Support. If it's a case of missing functionality you can raise a feature request:

    http://www.sophos.com/en-us/support/feature-requests.aspx

    Regards.
    :55303
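
The reconciliation this thread circles around, as an added example that is not part of any post and is not Sophos or Microsoft code: given a scanner's "missing" list, the supersedence data and the installed updates, it separates entries already covered by a newer installed update from ones that are genuinely absent. The update IDs and the dictionary layout are constructed for illustration, and it assumes an update is covered once any update that supersedes it, directly or through a chain, is installed.

```python
# Added illustration: reconcile a patch scanner's "missing" list against
# supersedence data. All update IDs below are constructed placeholders.

def covering_update(update, superseded_by, installed, _seen=None):
    """Return an installed update that replaces `update`, directly or via a
    chain of supersedence, or None if nothing installed covers it."""
    seen = _seen if _seen is not None else set()
    if update in seen:                      # guard against cycles in bad data
        return None
    seen.add(update)
    for newer in superseded_by.get(update, ()):
        if newer in installed:
            return newer
        found = covering_update(newer, superseded_by, installed, seen)
        if found:
            return found
    return None

def reconcile(reported_missing, superseded_by, installed):
    """Split the scanner's list into three audit buckets."""
    result = {"covered": {}, "superseded_not_installed": {}, "missing": []}
    for update in reported_missing:
        if update in installed:             # stale scan entry, nothing to do
            continue
        cover = covering_update(update, superseded_by, installed)
        if cover:
            result["covered"][update] = cover
        elif superseded_by.get(update):
            # A replacement exists but is not installed: deploy the newer one.
            result["superseded_not_installed"][update] = sorted(superseded_by[update])
        else:
            result["missing"].append(update)
    return result

# Constructed sample data (hypothetical IDs, not real Microsoft updates).
SUPERSEDED_BY = {
    "KB-EXAMPLE-001": ["KB-EXAMPLE-002"],
    "KB-EXAMPLE-002": ["KB-EXAMPLE-003"],
    "KB-EXAMPLE-010": ["KB-EXAMPLE-011"],
}
INSTALLED = {"KB-EXAMPLE-003"}
REPORTED_MISSING = ["KB-EXAMPLE-001", "KB-EXAMPLE-010", "KB-EXAMPLE-020"]

def demo():
    return reconcile(REPORTED_MISSING, SUPERSEDED_BY, INSTALLED)

if __name__ == "__main__":
    for bucket, items in demo().items():
        print(bucket, items)
```

Entries that land in `missing` with no supersedence data at all are the ones worth checking by hand, which is the situation the later posts describe.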