
WebEx 43.3.0.25468 Not Patched with 43.4.0.25959 PMPC-2023-04-20

Started by Eddie78701, April 25, 2023, 09:55:24 AM


Eddie78701

SCCM shows the endpoint as having WebEx 43.3.0.25468 (x64) installed on a system in the Hardware Inventory but it does not appear as "Required".  So SCCM is not offering or patching the system.  I am just not sure how to start troubleshooting why SCCM would not see the update as being needed.  Is there a KB or posting here that I might be overlooking?  I am working from the assumption that PMP has some type of file that is used for the detection of apps...

Eddie78701

I found https://patchmypc.com/how-to-view-applicability-rules-and-troubleshoot-detection-states-for-third-party-updates which is VERY helpful.  In step 3 the report shows that PMP does not believe that WebEx is installed so I will reach out to support since that was what my gut was thinking.

Jake Shackelford (Patch My PC)

If you could email the issue and the following logs to [email protected] that would be incredibly helpful! Logs to collect

Additionally, if you could run the following PowerShell script on one of the client devices experiencing issues, that would be helpful. Export Script

It will export a CSV file, wherever it is run, of the Uninstall hive registry keys.

Eddie78701

I have worked with support and the issue is due to how the app was installed under the user profile.  Apparently PMP does not patch apps installed like this so we have a glaring hole in the capabilities of PMP. 8-( :-[

ekraus

So, I'm just running into this myself and, as Eddie78701 mentioned, it's a user install that appears in Hardware Inventory. This would mean, and I confirmed, that it has an entry in the HKLM area of the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall). Below is the IsInstallable Rules taken from Cisco Webex Meetings and modified for Webex; I used the version referenced in the original post. Is it possible that the detection of the update could be augmented to use something like this?

<bar:RegKeyLoop RegType32="true" Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" TrueIf="Any">
<lar:And>
  <bar:RegSzToVersion RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="LessThan" Data="43.4.0.25959" Value="DisplayVersion" />
  <bar:RegSz RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="BeginsWith" Data="Webex" Value="DisplayName" />
  <bar:RegDword RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="EqualTo" Data="1" Value="WindowsInstaller" />
</lar:And>
</bar:RegKeyLoop>

ekraus

Just bumping this for visibility. Is there a possibility to receive a reply from an admin on this, please?

Eddie78701

I logged a support call and the fact that they do not patch software installed by users seemed to be new for the person who was assigned my ticket.  They went so far as to review logs and were able to duplicate the issue in a lab.  PatchMyPC does not seem to be interested in making their product better as these apps are like playing a game of whack-a-mole where on any given day someone has installed them (often not on purpose).  So unpatched apps that interact with the internet that are installed by users represent a great attack surface for hackers. :-[

Setting up a policy and features of Win10 to block the installing or running of apps in AppData has been seen as untenable for me even though I believe it would offer immeasurable security benefits.

chris.mcgrath

Bumping this for visibility and requesting an update from a PMP admin, please.

Jake Shackelford (Patch My PC)

We have greatly expanded our list of supported products for USER-based applications; if you navigate to Supported Products and type in USER, you will see all the ones we can cover. Having said that, I've also pinged one of our catalog engineers to see if they might have a deeper dive into why this app isn't covered today. Generally, if it's available we attempt to add them, but sometimes vendors make it incredibly difficult.

Andrew Jimenez (Patch My PC)

Hello,

Updates deployed via WSUS are unable to patch user-based installs as they run as the SYSTEM account. This is a limitation of WSUS itself, and something we will not be able to change. Webex, and a few other applications in our catalog are a bit weird because even when they are installed as a User-based application, they still register themselves as a Machine-wide install. Because of this, our WSUS update for Webex does some file checks in addition to the MSI installation check. This can cause a lot of confusion, even for our support staff, as the applications look like they are installed as SYSTEM, but are not. In fact, trying to remove these installs using the SYSTEM account will fail, because the MSI is not registered System-wide (at the moment, I think this is hidden somewhere deep in WMI).

We have improved our user-based application compatibility by offering user-based apps under the ConfigMgr Apps/Intune Apps and Intune Updates tabs in Patch My PC.

Quote from: ekraus on May 17, 2023, 09:47:52 AM
So, I'm just running into this myself and, as Eddie78701 mentioned, it's a user install that appears in Hardware Inventory. This would mean, and I confirmed, that it has an entry in the HKLM area of the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall). Below is the IsInstallable Rules taken from Cisco Webex Meetings and modified for Webex; I used the version referenced in the original post. Is it possible that the detection of the update could be augmented to use something like this?

<bar:RegKeyLoop RegType32="true" Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" TrueIf="Any">
<lar:And>
  <bar:RegSzToVersion RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="LessThan" Data="43.4.0.25959" Value="DisplayVersion" />
  <bar:RegSz RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="BeginsWith" Data="Webex" Value="DisplayName" />
  <bar:RegDword RegType32="true" Key="HKEY_LOOP_TARGET" Subkey="\" Comparison="EqualTo" Data="1" Value="WindowsInstaller" />
</lar:And>
</bar:RegKeyLoop>

Our current detection method for Webex for WSUS updates looks for the Webex MSI to be installed (which would be true on a user or machine-based installation) as well as files in Program Files. This ensures that the application to be patched is actually the machine-wide installation, and not the user-based installation. If we modified the applicability rules to look for the application in the registry like Webex Meetings, the update would install, but you would be left with 2 installations, one for the user, and one machine-wide.

Additionally, we have recently made some headway with these sorts of apps by using our pre-scripts feature to remove the user-based applications with some help from PSADT. See the following script for an example: https://github.com/PatchMyPCTeam/Community-Scripts/tree/main/Install/Pre-Install/Remove-RemoteDesktopSystemUser

Using a ConfigMgr App deployment of Webex along with a prescript similar to the above (we'll work on getting that script up on the GitHub in the next day or so) should allow you to "migrate" an existing user-based installation of Webex to Machine-wide. I don't believe this will be a cure-all, however, as many security products flag user-impersonation as a malicious action, and may block such scripts.

I hope this has provided some background on the issue and the challenges we face when patching certain applications.

Andrew Jimenez (Patch My PC)
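
An added example, not Patch My PC's export script or detection logic: a read-only PowerShell inventory that lists Webex entries under the HKLM and loaded HKU Uninstall keys and flags the case discussed in this thread, an HKLM registration whose files are not under Program Files. It assumes the standard `InstallLocation` value is populated; the function names and scope labels are hypothetical.

```powershell
# Added example: read-only inventory of Webex uninstall entries.
# Assumption: InstallLocation is populated; entries without it report 'Unknown'.
$Target = [version]'43.4.0.25959'   # version from the thread title
$Sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

function Get-InstallScope {
    param([string]$Hive, [string]$InstallLocation)
    if ($Hive -eq 'HKU') { return 'PerUser' }
    if ([string]::IsNullOrWhiteSpace($InstallLocation)) { return 'Unknown' }
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($r in $roots) {
        if ($InstallLocation.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) {
            return 'MachineWide'
        }
    }
    # Registered in HKLM but files are not under Program Files (the thread's case).
    return 'HKLM-NotInProgramFiles'
}

function Get-WebexUninstallEntry {
    $roots = @(
        @{ Hive = 'HKLM'; Path = "Registry::HKEY_LOCAL_MACHINE\$Sub" },
        @{ Hive = 'HKLM'; Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' }
    )
    # Only loaded user hives appear under HKEY_USERS; logged-off profiles are missed.
    $roots += @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { @{ Hive = 'HKU'; Path = "Registry::$($_.Name)\$Sub" } })

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root.Path)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root.Path -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            if ($p.DisplayName -notlike 'Webex*') { continue }   # prefix used in the thread's rule
            $ver = $null
            [void][version]::TryParse([string]$p.DisplayVersion, [ref]$ver)
            [pscustomobject]@{
                Hive     = $root.Hive
                Name     = $p.DisplayName
                Version  = $p.DisplayVersion
                Outdated = ($null -ne $ver) -and ($ver -lt $Target)
                MSI      = ($p.WindowsInstaller -eq 1)
                Scope    = Get-InstallScope -Hive $root.Hive -InstallLocation $p.InstallLocation
            }
        }
    }
}
Get-WebexUninstallEntry | Format-Table -AutoSize
```

Rows with `Outdated` true and a `Scope` other than `MachineWide` are the installs a SYSTEM-context WSUS update will not reach.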