Follow-up: Software Update Statistics

Mure
Mure W/ Alumni Posts: 16 Security Scout

Sorry, I clicked the "Accepted Answer" too soon earlier. There's a larger question about the statistics that appear on the EPP dashboard. For example, right now for one organization I see 136 computers listed for "Protection status" (left hand radial graph) but only 112 systems listed for "Software update status" (right hand radial graph). What accounts for the 24 missing systems? If I download the details for the 136 systems as a CSV file, I find: 10 MacOS systems show "Not installed," so it makes sense that those 10 would not appear in the software update statistics. But what about the remaining 14? There are 40 non-MacOS systems that show "Not communicated in at least 14 days," but that can't explain it since that would reduce the number of systems to just 86, rather than 112.

So it's a mystery. Which 24 systems are (or are not) included in the statistics for "Software update status?" Again I worry that the "93% up-to-date" number may give us a false sense of security, since there are 24 systems that aren't being included in the calculation.

Thanks!

Best Answer

  • MikaArasola
    MikaArasola W/ Partner, W/ Staff, W/ Product Leadership Posts: 68 W/ Staff
    Answer ✓

    Hi!

    Sorry if this is causing you confusion. We have recently moved software updates to be handled by a new separate backend service and there might be a few corners where this causes inconsistencies. We are working on polishing the edges.

    The reason you might see a different amount of devices in the device listing or protection graph vs. software updates is that the software updates diagram is produced based on data from this new backend service. We have consciously done some small changes there, to ensure the data regarding software updates would be as relevant as possible:

    • If you have clients with an operating system that does not support software updates (yet) such as Macs or Linux, then those won't show up in the software updates status.
    • If a device has not updated its software update status in 2 weeks then it will vanish from the software update status until it scans for missing updates again. The reason for this is twofold: firstly, you won't be able to patch that computer anyway while it is turned off. Secondly, the status will likely have changed anyway, so a new scan is needed to show the correct data (with default settings clients scan daily).

    While the status pie charts and part of the other fields are now fetched in real time from the new service, we have a few fields that are updated more rarely. If you have a device which is offline for over 2 weeks and removed from the status, it's possible that some of the dashboards or device details will still show the old value, causing inconsistencies. We hope we can get all of those aligned in the coming months so it's more clear.
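The two exclusion rules described in the answer above, applied to a device export to list which hosts drop out of the software update chart and how that changes the up-to-date percentage. This is an added example, not part of the original thread or the vendor's code; the CSV column names, the hosts and the treatment of devices with no recorded scan are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Column names are assumptions about the export, not a documented schema.
UNSUPPORTED_OS = ("macos", "mac os", "linux")   # no software updates support
STALE_AFTER = timedelta(days=14)                # "2 weeks" from the answer
# Constructed sample export (hypothetical hosts).
SAMPLE_CSV = """hostname,os,last_update_scan,missing_critical
ws-001,Windows 10,2024-05-20T08:00:00,0
ws-002,Windows 11,2024-05-01T08:00:00,2
mac-001,macOS 14,,0
srv-001,Linux,2024-05-20T09:00:00,0
ws-003,Windows 10,,0
ws-004,Windows 10,2024-05-19T23:30:00,1
"""

def reconcile(csv_text, now):
    """Return (counted rows, {hostname: reason it is left out of the chart})."""
    counted, excluded = [], {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host, os_name = row["hostname"], row["os"].strip().lower()
        scan = row["last_update_scan"].strip()
        if os_name.startswith(UNSUPPORTED_OS):
            excluded[host] = "OS not supported by software updates"
        elif not scan:
            # Assumption: no recorded scan is treated like a stale status.
            excluded[host] = "no software update scan recorded"
        elif now - datetime.fromisoformat(scan) > STALE_AFTER:
            excluded[host] = "status older than 2 weeks"
        else:
            counted.append(row)
    return counted, excluded

def summary(csv_text, now):
    """Up-to-date share of counted devices versus share of the whole fleet."""
    counted, excluded = reconcile(csv_text, now)
    total = len(counted) + len(excluded)
    clean = sum(1 for r in counted if int(r["missing_critical"]) == 0)
    return {
        "counted": len(counted),
        "total": total,
        "pct_of_counted": round(100 * clean / len(counted)) if counted else 0,
        "pct_of_total": round(100 * clean / total) if total else 0,
    }

if __name__ == "__main__":
    print(reconcile(SAMPLE_CSV, datetime(2024, 5, 21, 12))[1])
    print(summary(SAMPLE_CSV, datetime(2024, 5, 21, 12)))
```

Reporting `pct_of_total` next to `pct_of_counted` makes the gap between the chart's percentage and actual fleet coverage visible.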

Answers

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi,

    Make sure that these hostnames are reachable by the devices:

    *.fsapi.com

    *.f-secure.com

    To guarantee proper transmission between the endpoints and backend, the endpoints need to be able to communicate over HTTP and HTTPS, port 443, with various sub-domains owned by F-Secure (*.f-secure.com and *.fsapi.com).

    You should also allow connections to the digicert.com domain, as Windows API may need to verify F-Secure services that are signed with a certificate that is issued by Digicert.

    If it still fails after that, please collect FSDiag and create a support ticket to us.

  • Mure
    Mure W/ Alumni Posts: 16 Security Scout

    Thanks. Is there any way to determine which 24 hosts are not being counted? That would make it a lot easier to investigate why/if they can't connect to those domains.

    Thanks!

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi,

    Under the "Devices" tab on the portal, you can choose the "Category" filter and there is "Software Updates". In there you can see which devices are not scanned or when the last scan or installation was, which can be sorted.

  • Mure
    Mure W/ Alumni Posts: 16 Security Scout

    Hello!

    Thanks. Yes, this is where things get confusing. For example, right now, for the same organization, the dashboard shows 136 devices, but the total number of systems in the "software updates" graph is only 112. Hovering over the green part of the graph, it says "No security updates are missing on 101 computers." Beneath the graphs, it has

    Critical security updates are missing on 9 computers

    2 subscriptions expire within 14 days

    Real-time scanning is disabled on 7 computers

    Important security updates are missing on 2 computers

    2 subscriptions will expire within 60 days

    If I look at the "Software Updates" category under "Devices" and sort on "Software updates" I see:

    Critical security updates missing (14)

    Important security updates missing (3)

    Not installed (10)

    Important updates installed (83)

    Outdated scan results (26)

    All of which raises questions:

    (1) Which systems in the second set of numbers correspond to the 101 computers that are not missing any security updates?

    (2) There are 24 systems listed under Devices that are not included in the Software updates statistics. Which systems in the second set of numbers correspond to those 24 systems?

    (3) Why do the first set of numbers from the Dashboard say there are 9 computers missing critical security updates but the second set says 14?

    None of the numbers seem to add up properly, which makes me think some other criteria are involved, but it's not clear what those are, so the Dashboard statistics end up being unclear.

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi,

    We would like to investigate further. Please submit a support case with PSB account name, so that we can check the data.

    https://www.f-secure.com/en/business/support-and-downloads/support-request

This discussion has been closed.