When is a Relevant Fixlet Not Relevant?

(imported topic written by rclarke)

We have come across a strange issue on a small number of machines where they report a Fixlet as being “relevant”, however when we take an action to deploy that Fixlet it immediately reports back as being “not relevant” even though the machine still reports the Fixlet as being “relevant”. Please note that this is not a time related issue, the Fixlet is still relevant days later and we have tried applying the Fixlet several times. A non-exhaustive list of affected Fixlets include:

MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution - Windows XP SP1

MS06-041: Vulnerability in DNS Resolution Could Allow Remote Code Execution - Windows XP SP1/SP2

MS06-043: Vulnerability in Microsoft Windows Could Allow Remote Code Execution - Windows XP SP2 (Superseded)

MS06-046: Vulnerability in HTML Help Could Allow Remote Code Execution - Windows XP SP1/SP2 (Superseded)

MS06-051: Vulnerability in Windows Kernel Could Result in Remote Code Execution - Windows XP SP1

MS06-055: Vulnerability in Vector Markup Language Could Allow Remote Code Execution - IE 6.0 - Windows XP SP2 (Superseded)

MS06-066: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution - Windows XP SP2

MS06-067: Cumulative Security Update for Internet Explorer - IE 6.0 - Windows XP SP2 (Superseded)

MS06-068: Vulnerability in Microsoft Agent Could Allow Remote Code Execution - Windows XP SP2

MS06-070: Vulnerability in Workstation Service Could Allow Remote Code Execution - Windows XP SP2

MS06-075: Vulnerability in Windows Could Allow Elevation of Privilege - Windows XP SP2

MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution - Windows Media Player 6.4 (Superseded)

MS07-004: Vulnerability in Vector Markup Language Could Allow Remote Code Execution - IE 6.0 SP1 - Windows 2000 SP4 (Superseded)

MS07-004: Vulnerability in Vector Markup Language Could Allow Remote Code Execution - Windows XP SP2 (Superseded)

MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege - Windows XP SP2

MS07-013: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution - Windows XP SP2

MS07-016: Cumulative Security Update for Internet Explorer - IE 6.0 - Windows XP SP2 (Superseded)

Any ideas? BTW, we are still on version 6.0.21.5.

Thanks,

Rod.

(imported comment written by BenKus)

Hey Rod,

It sounds like your agents are out-of-sync with your server… That is not supposed to happen, but we have seen this before if your database had temporary issues like being out of disk space at one point or another issue that created a situation where results were lost.

Try sending a refresh to those clients and it should resolve the issue… Alternately, stopping the agent and deleting the “__BESData” folder will make the agent forget everything it reported and resend its full list of properties and relevant Fixlets.

Ben

(imported comment written by rclarke)

Many thanks Ben, we will try deleting the “__BESData” folder to see if that makes a difference, even though I don’t believe we have experienced any database isssues in the past.

Rod.

(imported comment written by MartinZ91)

Hey rclarke

I have seen this behaviour also in some of our clients. I was surprised, that new propeties and analysis got active on the clients, but the fixlets did not become non-relevant.

Sending the refresh solved the problem immediatelly

regards