Hi Jonathan,
The Patch Manager report "Need Patch, but Don’t have" is based on computers member of DSM Groups like "UPM Patch Not Found*"
The groups "UPM Patch Not Found*" contain machines which require the patch to be installed but they have not it.
If a machine belongs to one of group "UPM Patch Not Found*" it will appear in the result of report for associated patch.
The groups "UPM Patch Not Found*" are based on DSM Query which contains 4 conditions (AND operator between the conditions) :
- The patch is not present in the software inventory of the machine (signature scan)
- The date of last execution of "Signature Scan" is more recent than date of signature of the patch.
- The machine has at least one software of the "Patched Software" list in the software inventory (Signature scan)
- The machine has at least one software of the "Conditions for targeting" list in the software inventory (Signature scan)
If some machines appear in the groups "UPM Patch Not Found*" but they should not, check these 3 points :
- Make sure that DSM group has been evaluated recently or do a manual evaluation
- Check if Software Inventory of the machine looks correct and has been inventoried recently
Otherwise you coud try a full inventory scan with :
caf start amagent args -rescan_software -collect
- In UPM console, check the "Conditions for targeting" list
Example :
CA - Win 2008 Post SP2 32Bit x86 OS Only - DELTA Security Rollup v1801.00
needs
CA - Win 2008 Post SP2 32Bit x86 OS Only - FULL Security Rollup v1712.00 Or
CA - Win 2008 Post SP2 32Bit x86 OS Only - DELTA Security Rollup v1712.00
Thanks.
Regards,
Jean-Yves