Innacurate Relevance count?

(imported topic written by deschodt91)

I’ve been seeing some odd results on the last batch of MS patches…

They show as relevant for practically all our computers, yet I know I’ve pushed them already - several times. When I do so again, the action shows that 90% return non-relevant almost immediately. OK, then why are they relevant in the first place and showing those high numbers?

Some weird DB issue ? Something in the relevance language that only gets processed at runtime?

In my case it is the following patches, but I am not sure it matters:

MS11-063: Vulnerability in Windows Client/Server Run-time Subsystem 4,394 / 6,863

MS11-062: Vulnerability in Remote Access Service NDISTAPI Driver 4,280 / 6,863

MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service 4,204 / 6,863

MS11-057: Cumulative Security Update for Internet Explorer - 3,996 / 6,863

MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure - Microsoft .NET Framework 2.0 SP2 - 3,458 / 6,863

Edit: I read about your pending restart + sha1 ("To try to solve all these issues, we invented a technique to have a “named pending restart”, which we usually use the sha1 of the patch file to avoid conflicts. So the Fixlet will only go unrelevant pre-restart if the pending restart with the unique name



That looks like it but it does not seem to work for those, because while I do see "action may require restart “3048d4c77cc7ef3e586121f69f44fbdeaa56dfff” on a non-relevant PC, it’s still listed as relevant in the fixlets… Is the only way out of this to force a restart on the whole domain then ? (not gonna happen for me). Not the end of the world, just wondering, as people pull (innacurate) reports of our patch status as a result.