Atera, SQL, Other Software Updated Unknowingly
Hi Forum Crew,
Edit: Maybe this is actually a software inventory task running. I'm not sure if its Atera doing the inventory task or not though. Perhaps the rest of my post can elaborate more. I don't think an actual update was happening.
Hunting down a mystery at the moment and wanted to see if anyone shared a similar experience but I have clients that are under Automation policies and with Atera managed reboot windows that applied a whole list of software updates including SQL patches, Atera patches, and others without record of where those updates were started/kicked off from.
I have Informational warnings listed for software installs and it only picked up on (1) update to the SQL server but no others. In the software inventory and the windows update inventory it doesnt list any recent patches/updates for the time frame and day listed (around 10am).
I was able to find #1035 MSI INSTALLER logs for each patch/update totaling around fifteen items that were updated but Windows Updates doesn't show patches, Atera doesn't show any tasks run, and I did not have logging setup for "all".
Atera was or is set to have all the patches run and be approved by Atera. Though, I am sure there are scheduled tasks associated with individual applications that might run with Atera's knowledge - I have not been able to find where that list 1035 MSI Installer logs came from. All the applications referenced are known and probably needed to be updated but - again - Atera doesnt show those entries as being recorded or kicked off by the agent. (that I can find).
Any ideas? I'm scratching my head. I did find a scheduled task from a previous administrator that was setup locally but would not have coincided with updates or patches and it was hours different from the time period listed.
Thank you!
Comments
-
More Info:
"Windows Installer reconfigured the product. Product Name: Microsoft Update Health Tools. Product Version: 5.72.0.0. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 0. Log Name: Application Level: Information Source: MsiInstaller User: NT AUTHORITY\SYSTEM Event Id:1035 Logged ID: 7682"
According to some additional information I ran into this might be related to an application audit. Is ATERA doing this daily? We may have a vendor that uses remote access tools to assist on a particular project and perhaps their tool is doing an audit scan of some kind?
0
Topics
- All Topics
- 62 Getting started
- 27 Read before posting
- 9 Meet and greet
- 331 General
- 77 News and announcements
- 2 Swag
- 6 Roadmap updates
- 1 Product Survey
- 101 Resources
- 1 Onboarding
- 17 Knowledge Base
- 23 Webinars
- 1 Shared Script Library
- 3 Blog
- 24 Pro Tips
- 30 Got an idea?
- 3 Atera Academy
- 8 ActionAI
- 5 Copilot
- 225 Remote Monitoring and Management
- 92 Remote Monitoring
- 30 Patch Management
- 121 Professional Services Automation
- 73 Helpdesk
- 18 Billing
- 24 Reporting
- 44 Integrations & add-ons
- 23 Integrations
- 12 Add-ons
- 118 Scripting and automations
- 67 Scripts
- 36 Automations