FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
arivet-AMER-FNAC-TAC
Article Id 307425
Description This article describes why the Security or Critical Updates scan fails even though the Windows Update service shows no pending updates in the GUI of the host.
Scope FortiNAC, FNAC-F.
Solution The FortiNAC agent is not responsible for checking for specific updates; instead, it leverages the host's update service and the configuration set by the host's policies.

The WindowsUpdateAgent is queried using an ISearcher to search for updates that are:

  1. Not installed.
  2. In category {Security} or {Critical}.

Not all updates are visible in the GUI of the host. Recent issues stem from this update.

To verify whether there are missing updates that are not visible in the Windows Update GUI, a simplified command similar to what the FortiNAC agent uses can be run in PowerShell on the Windows machine.

This simplified command works on all Windows versions.

(New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher().Search("IsInstalled=0").Updates | Select-Object Title

This returns ALL not-installed patches and updates known to the host's Windows Update service.

[Screenshot: Updates_Not_Installed.png, the list of not-installed updates returned by the command]

Because at least one Security update is returned, this host will fail the scan.

If the WindowsUpdateAgent is unable to reach its server, it throws an error, but this error is not visible to the FortiNAC Agent.

An error returns no results, meaning the host will PASS. Alternatively, the scan may hang altogether; see the KB article here for further troubleshooting if the WindowsUpdateAgent is unable to reach its configured server.
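The following script is an added example, not FortiNAC's own agent code. It reproduces the check described above (not-installed updates in the Security or Critical categories) and, unlike the agent, surfaces a failed Windows Update search instead of silently reporting no results. The category titles "Security Updates" and "Critical Updates" and the way they are matched are assumptions about how the agent classifies updates.

```powershell
# Added example (not FortiNAC's own code): mirror the agent's Security/Critical
# check, but make a search failure visible instead of treating it as "no updates".
# Category names are the Windows Update Agent's category titles; matching on them
# is an assumption about how the FortiNAC agent classifies updates.
function Get-PendingSecurityOrCriticalUpdates {
    [CmdletBinding()]
    param(
        [string[]]$Categories = @('Security Updates', 'Critical Updates')
    )
    try {
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        # Same criteria the agent uses: everything the host's update service
        # knows about that is not yet installed (GUI-visible or not).
        $result = $searcher.Search('IsInstalled=0')
    } catch {
        # The agent cannot see this error and reports no results (a PASS).
        # Fail loudly so a connectivity or WSUS configuration problem is not
        # mistaken for a compliant host.
        throw "Windows Update search failed (agent would report PASS): $($_.Exception.Message)"
    }

    $hits = foreach ($u in $result.Updates) {
        $cats = @($u.Categories | ForEach-Object { $_.Name })
        if ($cats | Where-Object { $Categories -contains $_ }) {
            [pscustomobject]@{
                Title      = $u.Title
                KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
                Categories = $cats -join ', '
                Hidden     = $u.IsHidden   # hidden updates do not appear in the GUI
            }
        }
    }
    # The offending updates; FortiNAC fails the host when this list is non-empty.
    return @($hits)
}

$pending = Get-PendingSecurityOrCriticalUpdates
if ($pending.Count -eq 0) {
    'No Security/Critical updates pending: the scan would PASS.'
} else {
    "The scan would FAIL: $($pending.Count) pending update(s)."
    $pending | Format-Table -AutoSize
}
```

Run it in an elevated PowerShell session on the host; the Title and KB columns can be matched against the entries in general.txt to confirm which patch is causing the failure.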

It is also possible to find the specific not-installed patch in the Persistent FortiNAC Agent logs at:

C:\ProgramData\BradfordNetworks\general.txt


Example:

2024-02-27 18:41:07 UTC :: Info: andTask/andTask/2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441);
2024-02-27 18:41:07 UTC :: Debug: Info: andTask/andTask/2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441);
2024-02-27 18:41:07 UTC :: Windows 10 x64 Critical and Security Updates status 2

If it is not possible to remove the availability of the patch, the host will continue to fail. The recommendation is to use Audit-Only until the patch can be installed, or to use Delayed Remediation to allow the host additional time to install the patch.

For instructions on adding or modifying a scan:

Add or modify a scan