Viewing and Understanding Scan Results

Once the vulnerability scan is completed for the chosen system(s), the next step would be to look at the Scan Results to view the missing and available patches.

Getting to Scan Results

To access the Scan Result for a particular system, visit any of the Systems views or System Group views and click on the System Name link or the date and time link against the system name in the Last Scanned column.

Scan Result View

The scan result view consists of :

• Security Updates (Windows Only)
• Non-Security Updates (Windows Only)
• Product Summary
• Status Graphs
• Tabular listing of missing, available & obsolete patches and informational items
• Service Packs list

Security Updates or Security Patches for Windows

Any patch which fixes a security issue or loop hole in a software application is termed as a Security update. Windows Security updates are released monthly in the form of bulletins from Microsoft. Example bulletins are: MS06-65, MS04-23 etc.

Missing security patches compromise the security of your systems and have to be applied to protect against system vulnerabilities that can be exploited. Therefore, security patch detection & patching is the core functionality of PatchQuest.

Security Patches are classified in the 'Security Updates' tab in the Scan Result view as well as in the Patch Information view.

Non-Security Updates or Non-security Patches for Windows

From release 4.3 (build 4300), PatchQuest supports detection and patch deployment of Non-Security updates for Windows systems. A Non-Security update, according to Microsoft, is a broadly released fix for a specific problem addressing a critical, non-security related bug (say a fix for a performance problem, feature upgrade, scalability issue, feature breakage, tools etc.). These updates are generally available to users via Windows Update (WU) / Automatic Update (AU).

Non-Security Patches are classified in the 'Non-Security Updates' tab in the Scan Result view as well as in the Patch Information view. They are assigned a dummy bulletin ID in PatchQuest - starting with MSWU.

When scanning systems, you will have an option in the Scan Configuration screen to select if you need to scan for Non-Security patches

Product Summary

Presents a consolidated list of all the products & applications (supported by PatchQuest) that are available in the system, along with number of service packs, available patches, missing patches, obsolete patches and information items, against each product or application. 

This view enables you to have a quick glance at the system's patch statistics. Each of the numbers are links which lead you to the detailed listing of patches in the selected category.

Status Graphs

The Scan Result is enriched with pie-charts which present 'at a glance' information about the patches. To view the graphs, click on the 'Graphical View' link above the Product Summary table. The different types of patch status displayed in the pie-charts are :

• Severity Status - the severity information of the patches that are listed during a particular scan. Displays a split-up Critical, Important, Moderate, Low and Unrated patches
• Download Status - a count of patches from this scan, that have been downloaded into the PatchQuest server, not downloaded yet and those for which the download is in progress
• Reboot Status - a count of patches in this scan that require a system reboot after installation and that do not require a reboot
• Vulnerability Status - a classification of patches based on number of patches that are missing, available, obsolete and informational, during a particular scan

Each item on these charts is a link, on clicking which you will be led a corresponding patch list in the table view down below the graphs.

Table view showing detailed patch information

The tabular listing displays the missing and available patch status for a particular system that has been scanned, along with details like :

• Patch ID : A unique reference ID in PatchQuest for every patch
• Patch Status : Whether a patch is available, missing or the entry is an information item.
• Bulletin ID : The advisory article provided by the vendor which contains information about the vulnerability and patch availability. Clicking this link, will lead you to the Bulletin Details view, which provides more info about the Bulletin and the vulnerability
• Patch Name : The patch that is available or missing
• Title : The vulnerability (in brief) that a patch addresses
• Installation Status : Determines the status of the patch installation (Installed or Failed) effected by PatchQuest. 
• Download Status : Determines whether the patch is downloaded from the net (vendor site) and is made available in the PatchQuest server for deployment, if the download has failed for some reason or if the download is not available.
• Severity - Determines the importance of the patch. These severity ratings are as per the bulletin or advisory information or as a result of patch assessment done by AdventNet
• Superseded by - A bulletin ID reference to a patch which replaces an obsolete patch
• Views - Which depict the following information
  • User Comment - A configuration view where a user or administrator can enter his comments about a patch. This can be used for  future reference.
  • Patch Schedule Task Report - Tasks that are scheduled to be performed on this patch will be listed in this report. The possible tasks for a patch are : Patch Download, Patch Deployment and Patch Undeployment tasks. Refer to Patch Schedule Report for more information.
  • Patch History Report - This view displays the list of tasks that have been already executed for this particular patch. Refer to Patch History Report for more information.

Missing patches listed here can be selected and deployed by clicking on the 'Deploy' button. Available patches can be selected and undeployed from the system by clicking on the 'UnDeploy' option.

Service Packs List

Click on the 'Service Pack' tab in the Scan Result view to see the Service Pack list. From this list, you can identify which service pack is available and which is missing. You can then proceed to download and deploy the missing service pack for each product, one at a time.

From the Product Summary table in the Scan Result view, click on the number count in the Service Pack column against a particular product name. You will be taken to the list of service packs for that particular product. 

Definitions

Obsolete patches - These are patches that are outdated and have another patch that is more recently released and has taken its place (Superseding Patch). These patches are represented by this icon - against the patch name in the detailed patch list table. If these patches are missing, you can safely ignore them and deploy the patches that supercede them (Refer Superseded By column in the table)

Superseding Patches -  These are patches that replace outdated or obsolete patches. They are represented by the bulletin IDs and are listed in the Superseded By column.

Informational items  - There maybe some vulnerabilities for which PatchQuest is not able to determine if the appropriate patch or workaround has been applied. There could also be patches for which manual intervention is required. These are categorized as Informational Items.

They are denoted by this icon -  in the Availability Status column in the table. Remediation of these issues usually involves a configuration change or workaround rather than a patch. Therefore you will not have a checkbox against these entries in the table. You may ignore these once you have applied the patch or evaluated your system and made any needed configuration changes. Refer to the respective bulletin against the item or read the Patch Comment for more details.