Overview

GFI LanGuard scan results incorrectly update the client machines information. The Remediation Center shows available patches for deployment and updates to install, and reporting on vulnerabilities that are no longer present; however, those patches have already been remediated, and updates were successfully installed.

Solution

Several factors could lead to issue with the Remediation Center showing patches that have already been installed. When endpoints are scanned, the results are based on the latest definitions available to the LanGuard server or the Agent doing the scan; the discovered information is saved in the LanGuard backend database, which later on provides the information for the Remediation Center and reporting.

For the accurate results to be detected and displayed:

1. Verify that a successful scan was run after the remediation.

If there was no successful scan after the remediation, the results in the console will be outdated. If that's the case, please run a Full Scan on the target machine(s) and verify whether the information is accurate after the scan is completed.

It is also recommended to enable a Patch verification scan after deployment as described in our KB article Configuring Auto-Remediation Options (check After Deployment options).

2. Ensure that the LanGuard server and the Agents are receiving updates with the latest definitions.

1. The updated definitions are only provided to the latest LanGuard version. If you are still using the older version - Upgrade the GFI LanGuard.

2. Environmental changes may be preventing LanGuard from automatically downloading the latest patch detection and vulnerability definitions. Follow the Updating LanGuard Server Manually When Product Does Not Get Latest Definitions or Agents Do Not Update article to ensure you have the most recent definitions.

3. Agents should automatically update when they start the next scan. The success can be verified by navigating to Activity monitor -> Progam updates and checking the Agent updates tab. Agent updates need to be showing as successful for the affected target clients. If not, Fix LanGuard Agent Failed Updates.

3. Ensure the network connectivity and correct security permissions.

Ensure that the required Firewall Ports are open on the target machine(s) and the LanGuard server. This is necessary for the successful scanning operations and Agent communications with the LanGuard server to report the scan results.

Once the settings are ensured to be in place, Perform all the Required Network Connectivity Tests and Verify Security Permissions. Fix all the issues you find during these checks.

4. Verify the health of the backend scan results database.

All scan results are saved to the GFI LanGuard database (default name LNSSScanresults12), and the LanGuard console retrieves information on the status of individual machines based on these scan results. If there are problems with the database or issues communicating with it, the results would be unreliable and old data will be returned.

For example, if the 'Could not get the DB connection' error is encounters, or the SQL Express database has reached its maximum capacity, scan results just won't be saved for the LanGuard to analyze them. Follow the Maintain the Scan Results Database article to ensure that the backend database is in good shape.

In some cases, it may be necessary to create a new database and add a test machine to scan to see if this is a database issue.

Run a Full Scan on the target machine(s) and verify that the scan results information is now accurate. If the issue is still there, but only a machine or two are affected, the issue is related to the particular machine environment. For example, Windows Update components on the target machine(s) may be corrupted and have to be fixed to resolve the issue.

Testing

Run a Full Scan on the target machine(s) and verify that the scan results information is now accurate. If the issue persists, contact GFI LanGuard Support.