Web Reports shows TRUE as green, but that doesn’t mean TRUE is good. It entirely depends on what TRUE means for the given property.
This is because the choice was made to report TRUE as meaning that the powershell has the suggested action in the output. TRUE means it recommends that action.
In hindsight the true/false values could have been the opposite and that might have been more clear.
did you run it with the bigfix action? If you run it outside of the bigfix action, then the reporting will not update in the console / webreports.
Addressed feedback regarding multiple CPUs when setting $cpu
if ($cpu -is [array]) { $cpu = $cpu[0] }
1.0.3
Signed files using SHA2 certificate
Glad to know I wasn’t missing something as far as 1.0.3 because it didn’t change the code from 1.0.2 at all. I’ll have to take a closer look at 1.0.4 to see what it changes, but I’m glad it fixes the multiple CPU bug.
One addition to 1.0.4 not mentioned in the release notes is that it is also letting you know if PCID optimizations are available, which doesn’t affect security but if present means the performance impact will be less for the mitigations, which is good to know.
I would think we would want it to work for all physical and virtual machines. Hyper-V and VMware guests have to be cold booted to pick up the changes so we do want this detection tool to work for all types.
Are you sure you are running the updated tasks and analysis on github? They should report what version of the tool was run. If you put the task in a baseline, you may have to remove and readd it.
We’ve had this Report enabled from the start, running the script every day. We’re at the latest PowerShell version.
When we kicked off our patching cycle on Jan 17, we noticed, as expected, that the Windows Update Suggested graph started to change from True to False.
I just looked this morning and it seems it is starting to run backwards.
The last time I looked was on Jan 18 and we had 3,097 endpoint returning False.
Looking now (Jan 26), 2,282 are returning False.
I wanted to ask if anyone else has noticed this behavior.
I’ve got 1.0.4 running every 6 hours on everything in our Windows environment with PowerShell 1.0 and higher, and I have not noticed a drop in False results. Day-on-day since yesterday to this morning we’re up roughly 1k endpoints.
Yep, that looks correct. So the fixlet relevance remains false, but for some reason your SpeculationControl script detection is now change from False to True. That’s odd.
Any other explanation that could explain the drop in numbers? Have you actually seen an equivalent rise in True results? If not, do you have any filters on reporting date or some other property, causing systems to not be included in the overall report and therefore making it seem like the numbers are lower/higher than they actually are?
I can’t think of a reason why the script results would suddenly change without the fixlet relevance for the patches changing similarly.