Overview
This article explains how LanGuard detects missing patches for Windows, including Microsoft-developed and third-party patches.
Introduction
One of the main GFI LanGuard features is missing patch detection for Microsoft and non-Microsoft applications (together with the remote patch deployment functionality). Missing patch detection is an elaborate process that relies on the Patch Management Database. This database contains the data on all the patches and, in encrypted form, the information on how to detect whether a patch is missing.
The detection process can be as simple as checking the value of a registry key or the version of a DLL, or it can be rather complex, combining various checks that depend on the version of the operating system.
The following section provides additional details on the process for a more in-depth and precise understanding of LanGuard's missing patch detection, which can help when troubleshooting related issues.
Description
LanGuard uses one of two engines to check for missing patches.
Windows Update Agent
The main engine used is the Windows Update Agent (WUA). LanGuard uses this Microsoft-developed tool to detect all missing and installed Microsoft patches. First, LanGuard checks whether WUA is up to date and, if necessary, updates it using the installer shipped with LanGuard itself (located in the PatchManagement subfolder of the shared application data folder). Once LanGuard has ensured that the WUA engine is up to date, it calls WUA and provides it with a freshly downloaded copy of the offline Scan Package (wsusscn2.cab).
LanGuard uses the same functionality as Microsoft Baseline Security Analyzer (MBSA), and it should return the same results as long as the LanGuard Patch Management Database is up to date. A quick modern alternative to MBSA’s patch-compliance checking is described in "Using WUA to Scan for Updates Offline", which includes a sample .vbs script. For a PowerShell alternative, see "Using WUA to Scan for Updates Offline with PowerShell".
For a list of all Microsoft patches supported by LanGuard, refer to "Supported Microsoft Security Bulletins".
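To cross-check LanGuard's WUA results when troubleshooting, the same offline scan can be run by hand through the WUA COM interface. The script below is an added example, not GFI's or Microsoft's code; the path in $CabPath is an assumed location for a copy of wsusscn2.cab you have downloaded yourself, and the script must be run from an elevated prompt.

```powershell
# Added example: offline WUA scan against a local wsusscn2.cab.
# $CabPath is an assumed location; point it at your own downloaded copy.
param(
    [string]$CabPath = 'C:\Temp\wsusscn2.cab'
)

if (-not (Test-Path -LiteralPath $CabPath)) {
    throw "Scan package not found: $CabPath"
}

# The scan package decides what is reported as missing, so refuse a copy
# that is unsigned, tampered with, or not signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $CabPath
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Scan package signature check failed: $($sig.Status)"
}

$session = New-Object -ComObject Microsoft.Update.Session
$manager = New-Object -ComObject Microsoft.Update.ServiceManager

# Register the cab as a temporary update service for this scan.
$service = $manager.AddScanPackageService('Offline Sync Service', $CabPath)

try {
    $searcher = $session.CreateUpdateSearcher()
    $searcher.ServerSelection = 3              # ssOthers: use the service in ServiceID
    $searcher.ServiceID       = $service.ServiceID

    # IsInstalled=0 returns applicable updates that are not installed.
    $result = $searcher.Search('IsInstalled=0')

    $missing = foreach ($update in $result.Updates) {
        [pscustomobject]@{
            KB        = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity  = $update.MsrcSeverity
            Bulletins = ($update.SecurityBulletinIDs -join ',')
            Title     = $update.Title
        }
    }
    $missing | Sort-Object KB | Format-Table -AutoSize -Wrap
    "{0} missing update(s) reported by WUA" -f @($missing).Count
}
finally {
    # Unregister the temporary service so it does not linger on the machine.
    $manager.RemoveService($service.ServiceID)
}
```

If this list differs from what LanGuard reports for the same machine, compare the age of the wsusscn2.cab used here with the one LanGuard downloaded before looking elsewhere.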
LanGuard Patch Engine
The second scanning engine is the LanGuard Patch Engine. This is our proprietary engine used to scan and detect third-party patches using the Patch Management Database (lanss_12_patchmngmt.mdb) located at C:\ProgramData\GFI\LanGuard12\PatchManagement.
For a list of all non-Microsoft patches supported by LanGuard, refer to "Supported 3rd party Windows Application Updates".