Global Protect - How does patch matching work?

Can someone please detail how a HIP profile for missing patches works?  I have tried every combination possible and I always get the same result.

My criteria are as follows:

Patching - Is Enabled: Yes; Is Installed: Checked

Severity - Greater than 2 (Which means 3 or Critical for Microsoft related patches)

Check - Has None

Vendor - Microsoft Corp.

My Gateway HIP Notification rule says:

On Match display bubble "Missing Patches"  on Not Match "Patches Good"  - this of course is just verbiage for me to know which match condition is hitting.

When I connect with the GP agent the "Patches Good" message pops up, telling me the Not Match rule fired. (or to my logic you do not have missing patches greater than severity 2).

On a fully patched machine this is great, but then I removed a critical patch (verified on TechNet to have a Critical severity rating) and re-connected. Same "Patches Good" message.

I re-submitted HIP profile and ran again, same thing so I figured I have the wrong Check logic.  I tried Has All and Has Any with the same "Patches Good" message fired.

Now I am at a loss and wondering if I am missing something so I have the following questions:

  1. What is the logic of Has None vs Has Any vs Has All?
  2. How does GP know what patches are available from Microsoft, and what severity they are?
  3. Do I need to populate the "Patches" section of the Criteria tab in order for GP to know what it is looking for?
  4. What happens if I want to check patches from Adobe?

Re: Global Protect - How does patch matching work?

What information do you see on the GlobalProtect client application's patch-management tab?

Has None, Has Any and Has All are logic that works as follows:

If you want to exclude the patch, you choose Has None.

If you want to match any of the patches, you choose Has Any; if all patches should match, you choose Has All.
