Microsoft Baseline Security Analyzer vs Bigfix

(imported topic written by ltd200991)

Hi everyone,

On one of my workstations bigfix is only reporting one missing patch (MS11-098) but when I scan the tool with MBSA it’s showing two missing patches: MS10-076 and MS10-001.

In bigfix, fixlet MS10-076 says - CURRUPT patch and that is not relevant to the computer.

MS10-001 is not relevant either and also says - CURRUPT.

I created a custom copy of patch MS10-001 in bigfix and changed the relevance to be applicable to all computers. Then installed it on my workstation in question. It’s state is “pending restart” and I don’t see any errors in event viewer on the system. I have yet to restart the computer and re-scan it but I’m assuming the patch installed.

My question is; has anyone else ever run into false positives or mismatches in reporting tools? Our security team is using third party tools to scan our workstations and I’m concerned we might have some mismatching reports between their tool and bigfix.

thanks!