Symantec Endpoint Protection's (SEP) Host Integrity feature has the ability to check for an installed Microsoft patch or hotfix by KB number. However, there are instances in which the Host Integrity check will fail, even when the patch is listed as installed under the 'Installed Updates' Control Panel interface.
SEP Security Log shows Host Integrity check failed entries for Patch requirements. As example:
Host Integrity uses a Windows Management Instrumentation (WMI) query to get the list of installed Microsoft patches and hotfixes. The WMI query Host Integrity uses implements the Win32_QuickFixEngineering class. According to Microsoft, this class, "returns only the updates supplied by Component Based Servicing (CBS). These updates are not listed in the registry. Updates supplied by Microsoft Windows Installer (MSI) or the Windows update site (http://update.microsoft.com) are not returned by Win32_QuickFixEngineering".
Symantec will update this article once more information is available. Click the Subscribe button to be notified of future updates through email.
Subscribing will provide email updates when this Article is updated. Login is required.