Purpose
The purpose of this document is to discuss the behaviors when deploying the Windows Security out-of-band updates that were released on January 3, 2018.
The following document contains information on the changes to detection for the applicable patches: Important information on detection logic for the Intel 'Meltdown' security vulnerability
Description
Microsoft is requiring a registry to be on every machine that has no Anti-Virus or outdated Anti-Virus. The following Windows Security OOB updates released January 3, 2018 are affected by this:
- MS18-01-IE Q4056568
- MS18-01-SO7 Q4056897
- MS18-01-SO8 Q4056899
- MS18-01-SO81 Q4056898
- MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893
Below is what the expected behavior when scan and deploying these patches without and with the registry key in place.
This is what to expect for scan and deployments when the registry key does not exist on the target machine:
When scanning machines without the registry key in place, you will be offered detection of the updates, but will not be able to download or deploy the update. This will be noted in the Ivanti Comments section for the patch:
Detection only support means the following:
The patch is not downloadable. If you try to download the patch, a message stating 'None of the selected patches need to be downloaded'.
This patch cannot be deployed, this is what the Deployment Tracker will look like during the attempt. The download patches will not turn green as the patch cannot be downloaded and deployed until the registry key is detected.
This is what to expect for scan and deployments when the registry key exists on the target machine:
When scanning a machine that has the required registry key in place, the patches will be offered with full deployment support. This means the patch is now able to be downloaded from Microsoft and to be deployed to the endpoints.
The patch will now be downloaded and then packaged as normal.
The patch will now be scheduled and then start the deployment execution process.
Additional Information
Affected Product(s)
Shavlik Protect 9.2
Ivanti Patch for Windows Servers 9.3