How do you scan and patch 1500+ computers
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
How do you scan and patch 1500+ computers - 18.Aug.2009 10:38:36 AM
|
|
|
jiffy999
Posts: 5
Joined: 18.Aug.2009
Status: offline
|
For anyone that has a lot of computers to patch how do you have Languard setup?
I've scanned one subnet (254 hosts) it took 3+ hours to scan and remediate. I even limited what patches to scan for and changed some scanning options to exclude the extra stuff. So I'm justing finding Languard to be very inefficient and time consuming to patch a large amount of computers.
There may be a better method to patching with langard but I do not know that method. That is the point of this thread so others can share how they have languard setup to patch a large amount of computer systems.
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 18.Aug.2009 10:48:07 AM
|
|
|
hskelton
Posts: 39
Joined: 1.Dec.2005
From: Nashville TN
Status: offline
|
I don't know why it should take you so long to patch a class C subnet. It typically takes me 20-30 minutes. Perhaps it's a network issue?
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 18.Aug.2009 10:52:36 AM
|
|
|
jiffy999
Posts: 5
Joined: 18.Aug.2009
Status: offline
|
Not network. Server is connected to Gig switch with gig backbone. If I use Microsoft's baseline scanner it will scan the same subnet in half the time it takes Languard.
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 18.Aug.2009 11:41:18 AM
|
|
|
jiffy999
Posts: 5
Joined: 18.Aug.2009
Status: offline
|
I just ran this test both scans done on the same subnet and both ran from the same server.
Class C subnet (254 hosts)
Microsoft baseline Analyzer Scan took 6 Min.
GFI languard took 21 min. (This scan also only scanned for missing August 09 patches)
Why does GFI take so long. This was an expensive product and Microsofts free product performs way faster.
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 18.Aug.2009 4:08:53 PM
|
|
|
mblinde
Posts: 62
Status: offline
|
Have you disabled the port scans both TCP, UDP, and the software/hardware auditing portions of the scan? Also are you disabling these on the actual profile that is set to active? If you change it on one profile but your scan is set to use something different you will see no change in performance.
Also this product is a vulnerability scanner not a missing patches scanner. The MBSA is NOT a vulnerability scanner but merely a missing patch scanner and for only Microsoft products. Comparing the two together is like comparing a butter knife to a Swiss army knife. One is meant to do one very basic task and the other is a utility knife for many uses.
< Message edited by mblinde -- 18.Aug.2009 4:15:50 PM >
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 18.Aug.2009 4:36:33 PM
|
|
|
jiffy999
Posts: 5
Joined: 18.Aug.2009
Status: offline
|
quote:
ORIGINAL: mblinde
Also this product is a vulnerability scanner not a missing patches scanner. The MBSA is NOT a vulnerability scanner but merely a missing patch scanner and for only Microsoft products. Comparing the two together is like comparing a butter knife to a Swiss army knife. One is meant to do one very basic task and the other is a utility knife for many uses.
Yes and sadly the butter knife works waaayyyyy better than the army knife.
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 18.Aug.2009 4:46:43 PM
|
|
|
jiffy999
Posts: 5
Joined: 18.Aug.2009
Status: offline
|
quote:
ORIGINAL: mblinde
Have you disabled the port scans both TCP, UDP, and the software/hardware auditing portions of the scan? Also are you disabling these on the actual profile that is set to active? If you change it on one profile but your scan is set to use something different you will see no change in performance.
Yes as I said I disabled all the extra scanning stuff. The Network & software Audit Options are disabled but it still scans USB ports and registry. Whats the point in buying an expensive swiss army knife if I can't put the other knifes away and use only the knife I want? Seriously I should be able to disable all these things and do a quick scan ONLY OF MISSING PATCHES.
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 19.Aug.2009 8:42:10 AM
|
|
|
DrewE
Posts: 1058
Joined: 28.Apr.2008
From: Cary, NC
Status: offline
|
Is there any AntiVirus software running on the GFI Languard machine? Perhaps a firewall between either of the two machines (hardware or software)
Also, are the machines physically in the same building? Are they on the same floor?
_____________________________
Drew Easley - Technical Support Representative
GFI Software - www.gfi.com
|
|
|
|
|
RE: How do you scan and patch 1500+ computers - 17.Sep.2009 5:40:25 PM
|
|
|
geo
Posts: 7
Joined: 21.Jan.2009
Status: offline
|
Try cranking up the number of threads from the default (3). I have mine on 7 threads and it sped up the scans considerably. Make sure your hardware can handle it; we have a Quad-Core Vista Box with 4GB of RAM. BTW, I'm scanning over 8000 hosts.
Geo
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
