Re: hfnetchk reporting

From: jmcguire@sbcs.com
Date: 07/29/02


To: "Ingersoll, Jared" <jared@cswv.com>
From: jmcguire@sbcs.com
Date: Mon, 29 Jul 2002 16:54:04 -0400


Yes. I made some noise about this in April to no avail. Check the file list
in the patch against the actual files on your system and you will most
likely find that HFNetchk is correct in it's reporting and at least one
file you have on the system is actually older than what the patch installs.
You may also want to run hfnetchk with -v -z -b. This will give you a
verbose response and count only on the actual file signatures, not the
registry entries for what is supposed to have been patched.

 You can access my write-up from April on our web site under security
services. MS has never came back with any explanation.

Here's the nasty no good procedure I have been using for new machines:
   Service packing and applying the latest hotfix rollup
   After that, Windows Update has been doing an admirable job in the last
   month of finishing the patching
   Scan with hfnetcheck or MBSA after WU for anything missing and add it
   manually
   Finally do a scan to verify that you have them all. If you do, don't
   relax, there will be a new one tomorrow :-)

Good luck!
__________________________________________
JOHN MCGUIRE CISSP, MCSE2k, MCSE+I, MCT
888.529.0401
jmcguire@sbcs.com
Strictly Business
 www.sbcs.com

                                                                                                            
                    "Ingersoll,
                    Jared" To: focus-ms@securityfocus.com
                    <jared@cswv.co cc:
                    m> Subject: hfnetchk reporting
                                                                                                            
                    07/29/2002
                    02:28 PM
                                                                                                            
                                                                                                            

Hi,

Several systems folks here have run into the issue of hfnetchk reporting
"Patch NOT Found" after applying the appropriate patches and rebooting.
This
seem to be consistent of both NT and 2000 (though I haven't replicated this
issue myself). Anyone run into this issue with hfnetchk.exe?

here's one particular patch on an NT 4.0 sp6a server:

Patch NOT Found MS02-006 Q314147

Ideas?

Jared



Relevant Pages

  • RE: HFNetChk Pro vs. other means to push out updates
    ... > HFNetChk is a product designed specifically for Microsoft's business level ... >> the presence of a patch specific registry key. ...
    (Focus-Microsoft)
  • RE: HFNetChk Pro vs. other means to push out updates
    ... HFNetChk is a product designed specifically for Microsoft's business level ... from MS operating systems. ... > the presence of a patch specific registry key. ...
    (Focus-Microsoft)
  • RE: HFNetChk Pro vs. other means to push out updates
    ... HFNetChk is a product designed specifically for Microsoft's business level ... from MS operating systems. ... > the presence of a patch specific registry key. ...
    (Focus-Microsoft)
  • RE: hfnetchk reporting
    ... creates patches and hot fixes. ... HFNETCHK checks 3 things from what I know. ... Many of the patches that you can apply do not have a registry entry that ... "Patch NOT Found" after applying the appropriate patches and rebooting. ...
    (Focus-Microsoft)
  • Re: HFNetChk Pro vs. other means to push out updates
    ... however, support for Solaris, HP/UX, and IRIX is also planned." ... >> I'm giving a public webcast presentation on HFNetChk on April 9th. ... >> the presence of a patch specific registry key. ...
    (Focus-Microsoft)