cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ARTP
Engaged Sweeper II
Hi,

Currently having issues with assets missing Quickfix data. I've built a report to ensure we have no machines in our estate missing KB4012212 due to the recent WCrypt craziness however it is full of false positives due to some assets having no Quickfix data.

Has anyone came across this before? I've had a look through the community and couldn't see anything similar. Any advice is greatly appreciated.

Examples:

Quickfix data missing:
Quickfix Data Missing

Quickfix data:
Quickfix data
1 ACCEPTED SOLUTION
Susan_A
Lansweeper Alumni
If you require further assistance with the WannaCry report or Windows updates not being scanned, please contact us via email at support@lansweeper.com and provide a description of the problem. It will be a lot easier to troubleshoot if everyone submits their own support ticket, so we can look at each individual case. The cause of the issue may not be the same for everyone.

I'm going to lock this topic for now, just because it's become too long and confusing to comment on. If you contact us via email, we would be happy to troubleshoot from there. If you mention this forum topic in your email, we'll also be happy to post the conclusion of our support conversation in this forum topic, once your ticket is resolved.

View solution in original post

23 REPLIES 23
shsheikh
Engaged Sweeper II
Bruce.B wrote:
We've intentionally included assets of all states (not only active) to avoid potentially omitting vulnerable computers. That said, we are constantly adjusting the report to be more accurate, though we are leaning on the safe side as we'd rather have false positives then to let a computer slip through the cracks. The current version of the report in this post excludes Windows 10 computers on the Creator Update as they're deemed safe.

Regarding the Config\Windows\Quickfix information being blank on certain computers, if you've recently rescanned the "Quickfix" item on the computer, for instance via the Rescan Asset button which overrides scanned item intervals, the data should reflect what is found on the local computer. If you run the command below in an elevated CMD on the local computer in question you can verify the data, as Lansweeper scans KB information from this WMI class (Win32_QuickFixEngineering)

wmic path Win32_QuickFixEngineering


Thanks for the update! I appreciate you guys putting together the query as we've used it heavily to track progress in getting everything patched.

I understand the need for including non-active assets (everyone has different criteria, ours are 90 days with no contact or not in AD), but the immediate need for us is to get everything online patched. Once it is, we'll switch to non-active assets and see what needs to be handled.
shsheikh
Engaged Sweeper II
Another change I had to make to the provided report was to only include active assets. That cut the results down by a little more than half.
shsheikh wrote:
Another change I had to make to the provided report was to only include active assets. That cut the results down by a little more than half.


Very helpful, thanks! For those who need to know how to do it, replace the line: "Like 'Windows%'" with:

Like 'Windows%' And tblAssetCustom.State = 1
JasonSimone
Engaged Sweeper II
I think our machines are also missing QuickFix data. In my case, I have run the wmic command provided and the information seems to be missing from the WMI database on the machines even though in some cases I know the patches are installed. Hundreds of machines are on the list which doesn't make much sense.

I am trying to determine why some large-scale number of patches would be missing from the WMI Win32_QuickFixEngineering table on so many machines.
Bruce_B
Lansweeper Alumni
I've updated all reports in this topic to match the latest report. For future reference, use this forum topic as it will contain the most recent version of the report as more information about KB numbers comes in.
ARTP
Engaged Sweeper II
Bruce.B wrote:
I've updated all reports in this topic to match the latest report. For future reference, use this forum topic as it will contain the most recent version of the report as more information about KB numbers comes in.


Why are you marking posts as solutions? I still have assets showing no quickfix data which is the problem.
shsheikh
Engaged Sweeper II
I have a big chunk of Windows 10 machines reporting back vulnerable. This includes my own laptop, which definitely is fully patched (creators update). Anyone else having a similar problem?
ARTP
Engaged Sweeper II
shsheikh wrote:
I have a big chunk of Windows 10 machines reporting back vulnerable. This includes my own laptop, which definitely is fully patched (creators update). Anyone else having a similar problem?


Do the machines show any data in Config -> Windows -> Quickfix? This is the issue i'm having where the table is empty.
shsheikh
Engaged Sweeper II
ARTP wrote:
shsheikh wrote:
I have a big chunk of Windows 10 machines reporting back vulnerable. This includes my own laptop, which definitely is fully patched (creators update). Anyone else having a similar problem?


Do the machines show any data in Config -> Windows -> Quickfix? This is the issue i'm having where the table is empty.


Yes, machines do have the quickfix data scanned. Another thing to note is that, at least for us, Quickfix data is only collected every 7 days. I dropped it to 3 to help have the latest information.

For mine in particular, I only have three updates:

KB2693643 Update 4/6/2017
KB4016871 Security Update 5/9/2017 NT AUTHORITY\SYSTEM
KB4020821 Security Update 5/9/2017 NT AUTHORITY\SYSTEM

I am running the Windows 10 Creators Update which has the fix built-in.

Bruce_B
Lansweeper Alumni
Thank you for providing the document, we've verified the KBs and added them to the main report.