KB number based analysis report

Content Authoring
1

Hi everyone,

The following relevance script is I’m using for get result of Microsoft patch installed system based on KB number.( Created as a analysis)

if (exists wmi) then ((string value of property “HotFixID” of it) of select objects “HotFixID from Win32_QuickFixEngineering where HotFixID != 'KB2511455’” of wmi) as string else (“N/A”)

is the script is valid one to get following KB2511455’ patch installed system. ???

if any modification needed or you all have any analysis fixlet for this KB number based report means Kindly share

Thanks & Regards
Vicky

1 Like
2

The relevance you have provided is not quite correct for what you want. That relevance would filter out all computers that have that KB installed.

This seems like what you are looking for:

exists (string values of properties "HotFixID" of it) whose(it starts with "KB2511455") of select objects "HotFixID from Win32_QuickFixEngineering" of wmis

This topic/post is a duplicate of: Need analysis Fixlet for Particular KB number based report

3

Hi there, what happens if it a 64 bit device? I tried it in debugger and I come up with a false using a KB number i can validate is installed.

4

I am getting two completely different values when using this analysis type to check for a 3 KBs:
THis is my orginal analysis:
(exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4056897 was successfully changed to the Installed state”) of event log “Setup”) and (exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4074587 was successfully changed to the Installed state”) of event log “Setup”) and (exists descriptions of records whose (event id of it = 2 AND description of it contains “KB4088878 was successfully changed to the Installed state”) of event log “Setup”)
This is the one I used your example for:
exists (string values of property “HotFixID” of it) whose(it starts with “KB4056897”) of select objects “HotFixID from Win32_QuickFixEngineering” of wmi and exists (string values of property “HotFixID” of it) whose(it starts with “KB4074587”) of select objects “HotFixID from Win32_QuickFixEngineering” of wmi and exists (string values of property “HotFixID” of it) whose(it starts with “KB4088878”) of select objects “HotFixID from Win32_QuickFixEngineering” of wmi

Both of them provide completely different total value when I am running a count to generate a report.

5

Agreed, the referenced post is nearly four years old. Microsoft changed a lot of the detection methods that can be uses when they switched to OS Rollup packages. You really have to check the package and version details rather than just looking for a KB number now.