Troubleshooting false positives in Windows Patch Analysis job results

A Windows Patch Analysis job reports that a specific patch is missing from a target server even when the patch is installed.

This topic helps you to locate and review the appropriate logs to determine why the patch is reported as missing (understand the detection logic) and either help you identify and resolve the issue or create a BMC Customer Support case.

Issue symptoms

A Windows Patch Analysis job reports that a specific patch is missing from a target server, whereas the patch is installed. The following image shows the missing patches view in a Windows Patch Analysis job results.

Issue scope

The issue may occur for multiple Windows patches or a single patch.
The issue may occur on a single Windows target server or multiple servers.

Diagnosing and reporting an issue

Task	Action	Steps	Reference
1	Understand problem scope	Which patches are unexpectedly reported as missing? Which servers are unexpectedly reporting the patch(es) as missing?
2	Why is the missing patch believed to be actually installed?	Is the missing patch listed as an Installed Patch under the Control Panel "Add or Remove Programs" view?
3	Identify and locate the logs	The Job Log Package for the Windows Patch Analysis job captures all the log files required to troubleshoot the issue. See the documentation link and KA/Video in the reference section for steps on generating the Log Package.	Generating a Log Package for a Job RunVideo for generating a Log Package
4	Review the logs to identify why the patch detection logic is reporting the patch as missing.	Review KA 000314276 and the embedded video which walks your through the process of reviewing the logs to determine why the patch is being reported as missing.	KA 000314276Video on troubleshooting Windows Patching False Positives
5	Run Ivanti DPDTrace tool to capture more detailed logs.	If the actions followed in step 4 above did not uncover the root cause, we can open a case with Ivanti for further assistance. In this case, we need to run the Ivanti DPDTrace tool to capture more-detailed information around the patch detection logic and why it is reporting the patch as missing.	Ivanti documentation on the DPDTrace toolRunning the DPDTrace tool
6	Creating a BMC Support Case	Provide the following information and log files when creating a case with BMC Customer Support: Scope of the issue as identified in step 1 Why the missing patch is believed to be installed (step 2) The Application Server OS vendor and version The Application Server product version Logs collected in step 4 Zip (HFCLI_XXXX.zip) file created in step 5

Resolutions for common issues

Symptom	Action	Reference
An installed patch is reported as missing and the following warning is displayed in the Job Run Log: Reboot is pending on this machine, analysis results may be in-correct.	Reboot the host and re-run the patch analysis job	Pending Reboot status and how it affects Windows Patch Analysis and remediation results
After working with BMC Customer Support, it is determined that this is not a false positive and that certain criteria is not met on the Target Server for this patch to be declared as Installed. For example, abc.dll is at version 5, whereas the patch detection logic requires it to be at version 6.	Work with the System Administrators or Application owners to resolve the issue on the Target Server.
After working with BMC Customer Support, it is determined that this is indeed a false positive and the Ivanti metadata update may be required.	BMC will work with Ivanti to update the required metadata. You need to update the Windows Patch Catalog.