Viewing File and Registry Changes


The missing and availability status of a patch is determined by assessing these parameters :

These File change and Registry change details for a patch can be viewed by clicking on the Bulletin ID of a patch from many view and then clicking on the File and Registry Changes link from the pop-up window.

File Version and Checksum

Security Manager Plus compares the file names, their version numbers and checksum information from the vulnerability database, to those on the system that is being scanned. If any of the file versions and checksums on the scanned system are less than those stored in database, the associated security patch is identified as not installed or missing. If they are equal to or greater, the patch is considered as available.

 

The status is shown by the amark - to match the file version/checksum or x mark - to denote a mismatch. Note that the status info is available only when you view the Bulletin Details from the Asset Details view for a system and NOT from the Deploy Patches view.

Registry Checks

Though traditional patch detection mechanisms rely mainly on registry keys, Security Manager Plus uses a combination of checksum / file version checks and registry entries to determine the patch status. The registry key that must exist on the system being scanned, for the patch to be installed, is shown the Registry Check table.

 

The status is shown by the amark - to denote the presence of the registry key or x mark - to denote a absence of it. Note that the status info is available only when you view the Bulletin Details from the Asset Details view for a system and NOT from the Deploy Patches view.

 

Note that some patches might not make any registry entries to the system on which they are being installed. Therefore, the Registry Changes table maybe blank for some patches.

 


Copyright © 2010, ZOHO Corp. All Rights Reserved.
ManageEngine