WebEx 43.3.0.25468 Not Patched with 43.4.0.25959 PMPC-2023-04-20

[Eddie78701]

SCCM shows the endpoint as having WebEx 43.3.0.25468 (x64) installed on a system in the Hardware Inventory but it does not appear as "Required".  So SCCM is not offering or patching the system.  I am just not sure how to start troubleshooting why SCCM would not see the update as being needed.  Is there a KB or posting here that I might be overlooking?  I am working from the assumption that PMP has some type of file that is used for the detection of apps...

[Eddie78701]

I found https://patchmypc.com/how-to-view-applicability-rules-and-troubleshoot-detection-states-for-third-party-updates which is VERY helpful.  In step 3 the report shows that PMP does not believe that WebEx is installed so I will reach out to support since that was what my gut was thinking.

[Jake Shackelford (Patch My PC)]

If you could email the issue and the following logs to [email protected] that would be incredibly helpful! Logs to collect Additionally if you could run the following Powershell script on one of the client devices experiencing issues that would be helpful. Export Script It will export a CSV file wherever it is run of the Uninstall hive registry keys.

[Eddie78701]

I have worked with support and the issue is due to have the app was installed under the user profile.  Apparently PMP does not patch apps installed like this so we have a glaring hole in the capabilities of PMP. 8-(

[ekraus]

So, I'm just running into this myself and, as Eddie78701 mentioned, it's a user install that appears in Hardware Inventory. This would mean, and I confirmed, that it has an entry in the HKLM area of the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall). Below is the IsInstallable Rules taken from Cisco Webex Meetings and modified for Webex; I used the version referenced in the original post. Is it possible that the detection of the update could be augmented to use something like this?

<bar:RegKeyLoop RegType32="true" Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" TrueIf="Any">
<lar:And>
  <bar:RegSzToVersion RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="LessThan" Data="43.4.0.25959" Value="DisplayVersion" />
  <bar:RegSz RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="BeginsWith" Data="Webex" Value="DisplayName" />
  <bar:RegDword RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="EqualTo" Data="1" Value="WindowsInstaller" />
</lar:And>
</bar:RegKeyLoop>

[ekraus]

Just bumping this for visibility. Is there a possibility to receive a reply from an admin on this, please?

[Eddie78701]

I logged a support call and the fact that they do not patch software installed by users seemed to be new for the person who was assigned my ticket.  They went so far as review logs and were able to duplicate the issue in a lab.  PatchMyPC does not seem to be interested in making their product better as these apps are like playing a game of whack a mole where on any given day someone has installed them (often not on purpose).  So unpatched apps that interact with the internet that are installed by users represent a great attack surface for hackers.

Setting up a policy and features of Win10 to block the installing or running of apps in AppData has been seen as untenable for me even though I believe it would offer immeasurable security benefits.