Environment
Novell
ZENworks 10 Configuration Management
Situation
ZCC/Devices/Windows XP
Workstation/Vulnerabilities tab with filter set to "not
patched" and critical shows:
Adobe Reader 8.1.1 Update (All Languages) Critical No
Adobe Reader 8.1.1 Update (All Languages) Critical No
when Adobe
is not installed as application or plugin on the workstation.
Can't filter based on only existing application
vulnerabilities.
Resolution
This is
fixed in version 10.0.2 - see KB 3486285 "Updates
to ZENworks 10 Configuration Management" which can be found at https://www.novell.com/support
Additional Information
The behavior
of whether a patch is "applicable" to a device is determined by its
patch fingerprints.
The
behaviour of what constitutes "not patched" depends on the type of
patch:
- For a critical security patch, you are not patched if you have the product with the vulnerability issue installed - and the latest dlls and exes are not present on your system. when you deploy the patch, it updates just bits and pieces of the existing application version so that the security vulnerability can no longer be exploited.
- For a
software patch, you are not patched if you are able to install that
new version of software on your box. When you deploy the patch,
that whole new
version of software gets installed. - For a worm removal patch, you are not patched if you have evidence of worm activity on your system. when you deploy the patch, the worm removal tool runs.
- For an
antivirus dat file update, you are not patched if the AV definition
file is older than the current latest version. when you deploy the
patch, the
AV dat file gets updated.