This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Assets missing Quickfix data

Go to solution
ARTP
Engaged Sweeper II

‎05-14-2017 06:59 PM

Hi,

Currently having issues with assets missing Quickfix data. I've built a report to ensure we have no machines in our estate missing KB4012212 due to the recent WCrypt craziness however it is full of false positives due to some assets having no Quickfix data.

Has anyone came across this before? I've had a look through the community and couldn't see anything similar. Any advice is greatly appreciated.

Examples:

Quickfix data missing:
Quickfix Data Missing

Quickfix data:
Quickfix data
Labels:
1 ACCEPTED SOLUTION
Go to solution
Susan_A
Lansweeper Alumni

‎05-24-2017 11:44 AM

If you require further assistance with the WannaCry report or Windows updates not being scanned, please contact us via email at support@lansweeper.com and provide a description of the problem. It will be a lot easier to troubleshoot if everyone submits their own support ticket, so we can look at each individual case. The cause of the issue may not be the same for everyone.

I'm going to lock this topic for now, just because it's become too long and confusing to comment on. If you contact us via email, we would be happy to troubleshoot from there. If you mention this forum topic in your email, we'll also be happy to post the conclusion of our support conversation in this forum topic, once your ticket is resolved.

View solution in original post

23 REPLIES 23
Go to solution
Nick_VDB
Champion Sweeper III

‎05-15-2017 10:01 AM

The report below will give back the machines that do not have the hotfixes installed. We added some further KB's that have the fix for MS17-010. These hotfixes are scanned from the Win32_QuickFixEngineering WMI class. There is an interval of 7 days for scanning the Win32_QuickFixEngineering WMI class, this can be modified by going to Scanning\Scanned Item Interval and setting it to 0. You can then do a full rescan of your machines so that the quickfixengineering table is updated with any new updates. Once the rescans have been done you can then run this report. In the report it is also required that the assets be set to the 'Active' state. If

Recap:
  • Go to Scanning\Scanned Item Interval
  • Change the interval time for the 'QUICKIX' item to 0
  • Rescan all your assets to update the quickfixengineering tables with the new updates
  • Run the report

The hotfix must be found in Win32_QuickFixEngineering for Lansweeper to be able to scan it. The following command lists all the Hotfixes that are found in the Win32_QuickFixEngineering table.

wmic path Win32_QuickFixEngineering

Select Top 1000000 Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As
icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case When tblAssets.Lastseen Is Null Then 'Unknown' Else 'Vulnerable'
End As IsVulnerable,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Where
tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni
On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4012216', 'KB4012215',
'KB4012217', 'KB4012212', 'KB4012213', 'KB4012598',
'KB4012214', 'KB4012606', 'KB4013198', 'KB4012212', 'KB4012217', 'KB4015551', 'KB4019216', 'KB4012216', 
'KB4015550', 'KB4019215', 'KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB4016635', 'KB4019264', 'KB4015549', 'KB4015221', 'KB4019474', 'KB4015219', 'KB4019473')) And tsysAssetTypes.AssetTypename
Like 'Windows%'
Order By tblAssets.Domain,
tblAssets.AssetName
0 Kudos
Go to solution
heybobby1
Engaged Sweeper III
In response to Nick_VDB

‎05-15-2017 03:48 PM

Nick.VDB wrote:
The report below will give back the machines that do not have the hotfixes installed.


Thanks for the report. You're missing some KBs BTW. Here's the complete list:

('KB4012598', 'KB4012212', 'KB4012215', 'KB4015549', 'KB4019264', 'KB4012214', 'KB4012217', 'KB4015551', 'KB4019216', 'KB4012213', 'KB4012216', 'KB4015550', 'KB4019215', 'KB4012606', 'KB4015221', 'KB4019474', 'KB4013198', 'KB4015219', 'KB4019473', 'KB4015438', 'KB4015217', 'KB4019472'))

From Microsoft's "WannaCrypt Ransomware Customer Guidance" webcast earlier today: https://1drv.ms/b/s!AsSKRAC3eQiE16glLQ2KTGNFnpSNAA
Go to solution
ARTP
Engaged Sweeper II
In response to Nick_VDB

‎05-15-2017 02:30 PM

Nick.VDB wrote:
The report below will give back the machines that do not have the hotfixes installed. We added some further KB's that have the fix for MS17-010. These hotfixes are scanned from the Win32_QuickFixEngineering WMI class. There is an interval of 7 days for scanning the Win32_QuickFixEngineering WMI class, this can be modified by going to Scanning\Scanned Item Interval and setting it to 0. You can then do a full rescan of your machines so that the quickfixengineering table is updated with any new updates. Once the rescans have been done you can then run this report. In the report it is also required that the assets be set to the 'Active' state. If

Recap:
  • Go to Scanning\Scanned Item Interval
  • Change the interval time for the 'QUICKIX' item to 0
  • Rescan all your assets to update the quickfixengineering tables with the new updates
  • Run the report

The hotfix must be found in Win32_QuickFixEngineering for Lansweeper to be able to scan it. The following command lists all the Hotfixes that are found in the Win32_QuickFixEngineering table.

wmic path Win32_QuickFixEngineering

Select Top 1000000 Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As
icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
Case When tblAssets.Lastseen Is Null Then 'Unknown' Else 'Vulnerable'
End As IsVulnerable,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Where
tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni
On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4012216', 'KB4012215',
'KB4012217', 'KB4012212', 'KB4012213', 'KB4012598',
'KB4012214', 'KB4012606', 'KB4013198', 'KB4012212', 'KB4012217', 'KB4015551', 'KB4019216', 'KB4012216', 
'KB4015550', 'KB4019215', 'KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB4016635', 'KB4019264', 'KB4015549', 'KB4015221', 'KB4019474', 'KB4015219', 'KB4019473')) And tsysAssetTypes.AssetTypename
Like 'Windows%'
Order By tblAssets.Domain,
tblAssets.AssetName


No joy i'm afraid, changing it to 0 days does not add the data to any machines that were missing it;
0 Kudos
Go to solution
maupaiva
Engaged Sweeper

‎05-15-2017 04:12 AM

I am looking for something similar too 😛
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now