ZCM Patch Management shows Product Vulnerabilities Applicable for Products not Installed

  • 3393891
  • 17-Jan-2008
  • 27-Apr-2012

Environment

Novell ZENworks 10 Configuration Management

Situation

ZCC/Devices/Windows XP Workstation/Vulnerabilities tab with filter set to "not patched" and critical shows:

Adobe Reader 8.1.1 Update (All Languages) Critical No
when Adobe is not installed as application or plugin on the workstation. Can't filter based on only existing application vulnerabilities.

Resolution

This is fixed in version 10.0.2 - see KB 3486285 "Updates to ZENworks 10 Configuration Management" which can be found at https://www.novell.com/support

Additional Information

The behavior of whether a patch is "applicable" to a device is determined by its patch fingerprints.
The behaviour of what constitutes "not patched" depends on the type of patch:
  1. For a critical security patch, you are not patched if you have the product with the vulnerability issue installed - and the latest dlls and exes are not present on your system. when you deploy the patch, it updates just bits and pieces of the existing application version so that the security vulnerability can no longer be exploited.
  2. For a software patch, you are not patched if you are able to install that new version of software on your box. When you deploy the patch, that whole new
    version of software gets installed.
  3. For a worm removal patch, you are not patched if you have evidence of worm activity on your system. when you deploy the patch, the worm removal tool runs.
  4. For an antivirus dat file update, you are not patched if the AV definition file is older than the current latest version. when you deploy the patch, the
    AV dat file gets updated.