Overview
This article shares the process for determining why a certain update/patch may not be listed or is not supported by GFI LanGuard.
Information
Problem
The scan results of GFI LanGuard for missing patches or service packs differ from those delivered by Microsoft's Update Service. In most cases, this means that GFI LanGuard does not detect all patches that the Microsoft Update Service identified as missing.
Note: GFI LanGuard supports most, but not all, Microsoft patches. The differences are discussed in the article: Why does Windows update list patches that are not in GFI LanGuard?
Root Cause
GFI LanGuard is designed to focus on the security aspects of an IT environment. Since this also applies to the detection process of missing patches, GFI LanGuard will only detect missing patches that are relevant to the security of a system, network, or application.
Before an update is added to the patch database, the GFI LanGuard security research team reviews it and classifies it as security-relevant or non-security-relevant. During this process, some patches might be considered non-critical and, therefore, not applicable to the system's security. In this case, GFI LanGuard does not support these patches.
Process
Follow these steps to determine if a patch is supported and is in GFI LanGuard's patch management database:
- Review the security and third-party patches that GFI LanGuard supports. This does not include Microsoft Non-Security patches (approximately 25,000 in number).
- Ensure that GFI LanGuard's program updates are up-to-date.
- Open the Scanning Profiles Editor (using the shortcut Ctrl+P) in GFI LanGuard and search for patches by their Q-Number (same as the KB number).
- If the scan results are coming from a GFI LanGuard agent, ensure that the program updates are up-to-date as well.
Note: Run a custom scan on the agent machine from the console by right-clicking the computer and going to Scan > Custom scan. This will allow you to see if the results from the agent and the console scan are the same.
- If the patch is a Microsoft Security Patch that is supported and is not detected by GFI LanGuard, then download and scan the machine using Microsoft Baseline Security Analyzer, as described in the article 'How to use the MBSA'.
- Microsoft Security Patches come with a Bulletin ID in the form of MSyy-nnn (e.g., MS15-005).
- LanGuard uses the same technology that Microsoft uses, including the same offline scanning file (wsusscn2.cab).
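As an added example (not part of GFI's documentation or product), the following PowerShell script asks the Windows Update Agent on the target machine to scan against a local copy of wsusscn2.cab and reports whether a given KB number is offered as missing and whether it carries a security bulletin ID. The cab path and the KB number are placeholders to replace with your own values.

```powershell
# Added example: offline Windows Update Agent scan against a local wsusscn2.cab.
# $CabPath and $Kb are placeholders. Run in an elevated PowerShell session
# on the machine whose scan results you are comparing.
param(
    [string]$CabPath = 'C:\Temp\wsusscn2.cab',  # assumed location of the scan file
    [string]$Kb      = '0000000'                # KB/Q number to look for, digits only
)

if (-not (Test-Path -LiteralPath $CabPath)) { throw "Scan file not found: $CabPath" }

$session = New-Object -ComObject Microsoft.Update.Session
$manager = New-Object -ComObject Microsoft.Update.ServiceManager

# Register the cab as a scan package service (third argument: UpdateServiceOption flags).
$service = $manager.AddScanPackageService('Offline scan (example)', $CabPath, 1)

try {
    $searcher = $session.CreateUpdateSearcher()
    $searcher.ServerSelection = 3                   # ssOthers: use the service set in ServiceID
    $searcher.ServiceID       = $service.ServiceID
    $result = $searcher.Search('IsInstalled=0')     # applicable updates that are not installed

    # Flatten each missing update into KB number(s), bulletin ID(s), severity and title.
    $missing = foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = @($u.KBArticleIDs) -join ','
            Bulletin = @($u.SecurityBulletinIDs) -join ','
            Severity = $u.MsrcSeverity
            Title    = $u.Title
        }
    }

    $hit = $missing | Where-Object { ($_.KB -split ',') -contains $Kb }
    if ($hit) {
        Write-Output "KB$Kb is reported missing by the offline scan:"
        $hit | Format-List
    } else {
        # Not listed means the update is either installed or not offered by this scan file.
        Write-Output "KB$Kb is not reported missing by the offline scan."
    }

    Write-Output "All updates reported missing ($(@($missing).Count)):"
    $missing | Sort-Object KB | Format-Table -AutoSize
}
finally {
    # Unregister the temporary scan service.
    $manager.RemoveService($service.ServiceID)
}
```

An empty Bulletin column for a KB that Windows Update lists is a quick indicator that the update has no MSyy-nnn bulletin ID attached.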
If the above steps do not deliver any explanation about the patch not being recognized as missing by GFI LanGuard, please contact our technical support team via the support portal.
Note: Please include all information related to the patch or service pack, along with any information gathered during the troubleshooting process.
Priyanka Bhotika