Windows Update Details - OS Test

Microsoft regularly releases various Windows updates to enhance and protect the Windows operating system. These updates are also applicable for the Windows virtual desktops on the VMs. The Windows updates fix newly discovered security holes and bugs, add malware definitions to Windows Defender and Security Essentials utilities, strengthen Office security and add new features/enhancements to the Windows operating system. By installing these updates regularly, you can keep the operating system highly secure, reliable and stable, and can maintain the performance of the operating system at peak. If the operating system is not updated regularly, the critical bugs and security errors may increase vulnerabilities. These vulnerabilities can be exploited by the malware or hackers, thus exposing the operating system to malicious attacks and degrading the operating system's performance. To avoid such eventualities, you should regularly check whether the Windows operating system is up-to-date or not. This check can be easily done using the Windows Update Details - OS test.

This test continuously monitors the Windows operating system and reports the current status of the Windows updates on the operating system. Besides, this test indicates whether any update is pending for the operating system and whether the Windows system is rebooted or not. In the process, this test also reports the total number of updates to be installed for the operating system and the number of Windows updates of different types at regular intervals.

This test is disabled by default. To enable the test, go to the enable / disable tests page using the menu sequence : Agents -> Tests -> Enable/Disable, pick Microsoft Windows as the desired Component type, set Performance as the Test type, choose the test from the disabled tests list, and click on the < button to move the test to the ENABLED TESTS list. Finally, click the Update button.

Target of the test : A Nutanix AHV/ Nutanix AHV-VDI server

Agent deploying the test : A remote agent

Outputs of the test : One set of results for every security product:provider combination on each Windows VMs on the target server.

Configurable parameters for the test
Parameter	Description
Test Period	How often should the test be executed
Host	The host for which the test is to be configured.
Port	The port at which the specified host listens. By default, this is NULL
Prism Element IP	If the eG manager had discovered the target Nutanix AHV server by connecting to the Nutanix Prism Element, then the IP address of the Nutanix Prism Element server used for discovering this Nutanix AHV server would be automatically displayed against the Prism Element IP parameter; similarly, the Prism Element User and Prism Element Password text boxes will be automatically populated with the Prism Element user credentials, using which Nutanix AHV discovery was performed. If this Nutanix AHV server has not been discovered using the Nutanix Prism Element, but you still want to monitor the Nutanix AHV server via the Prism Element, then select the IP address of the Prism Element server that you wish to use for monitoring the Nutanix AHV server from the Prism Element IP list. By default, this list is populated with the IP address of all Nutanix Prism Element hosts that were added to the eG Enterprise system at the time of discovery. Upon selection, the Prism Element user and Prism Element Password that were pre-configured for that Nutanix Prism Element will be automatically displayed against the respective text boxes. On the other hand, if the IP address of the Prism Element server of interest to you is not available in the list, then, you can add the details of the Prism Element server on-the-fly, by selecting the Other option from the Prism Element IP list. This will invoke the MANAGER DISCOVERY - VIRTUAL PLATFORM SETTINGS page. Refer to the Configuring eG Enterprise to Monitor Nutanix AHV topic for details on how to use this page.
Prism Element User, Prism Element Password and Confirm Password	If the eG manager had discovered the target Nutanix AHV server by connecting to the Nutanix Prism Element, then the IP address of the Nutanix Prism Element server used for discovering this Nutanix AHV server would be automatically displayed against thePrism Element IP parameter; similarly, the Prism Element User and Prism Element Password text boxes will be automatically populated with the Prism Element user credentials, using which Nutanix AHV discovery was performed. If this Nutanix AHV server has not been discovered using the Nutanix Prism Element, but you still want to monitor the Nutanix AHV server via the Prism Element, then select the IP address of the Prism Element server that you wish to use for monitoring the Nutanix AHV server from the Prism Element IP list. By default, this list is populated with the IP address of all Nutanix Prism Element hosts that were added to the eG Enterprise system at the time of discovery. Upon selection, the Prism Element User and Prism Element Password that were pre-configured for that Prism Element server will be automatically displayed against the respective text boxes. On the other hand, if the IP address of the Prism Element server of interest to you is not available in the list, then, you can add the details of the Prism Element server on-the-fly, by selecting the Other option from the Prism Element IP list. This will invoke the MANAGER DISCOVERY - VIRTUAL PLATFORM SETTINGS page. Refer to the Configuring eG Enterprise to Monitor Nutanix AHV topic for details on how to use this page.
SSL	By default, the Nutanix Prism Element server is SSL-enabled. Accordingly, the SSL flag is set to Yes by default. This indicates that the eG agent will communicate with the Prism Element server via HTTPS by default.
WebPort	By default, the Nutanix Prism Element server listens on port 9440. This implies that while monitoring a Nutanix AHV server via the Prism Element server, the eG agent connects to port 9440.
Exclude VMs	Administrators of some virtualized environments may not want to monitor some of their less-critical VMs - for instance, VM templates - both from 'outside' and from 'inside'. The eG agent in this case can be configured to completely exclude such VMs from its monitoring purview. To achieve this, provide a comma-separated list of VMs to be excluded from monitoring in the Exclude VMs text box. Instead of VMs, VM name patterns can also be provided here in a comma-separated list. For example, your Exclude VMs specification can be: xp,lin,win,vista. Here, the * (asterisk) is used to denote leading and trailing spaces (as the case may be). By default, this parameter is set to none indicating that the eG agent obtains the inside and outside views of all VMs on a virtual host by default. By providing a comma-separated list of VMs/VM name patterns in the Exclude VMs text box, you can make sure the eG agent stops collecting 'inside' and 'outside' view metrics for a configured set of VMs.
Ignore VMs Inside View	Administrators of some high security Hyper-V environments might not have permissions to internally monitor one/more VMs. The eG agent can be configured to not obtain the 'inside view' of such ‘inaccessible’ VMs using the Ignore VMs Inside View parameter. Against this parameter, you can provide a comma-separated list of VM names, or VM name patterns, for which the inside view need not be obtained. For instance, your Ignore VMs Inside View specification can be: xp,lin,win,vista. Here, the * (asterisk) is used to denote leading and trailing spaces (as the case may be). By default, this parameter is set to none indicating that the eG agent obtains the inside view of all VMs on a Hyper-V host by default. Note: While performing VM discovery, the eG agent will not discover the operating system of the VMs configured in the Ignore VMs Inside View text box.
Ignore WINNT	By default, the eG agent does not support the inside view for VMs executing on Windows NT operating systems. Accordingly, the Ignore WINNT flag is set to Yes by default.
Inside View Using	By default, this test obtains the “inside view” of VMs using the eG VM Agent. Accordingly, the Inside view using flag is set to eG VM Agent by default. The eG VM Agent is a piece of software, which should be installed on every VM on a hypervisor. Every time the eG agent runs this test, it uses the eG VM Agent to pull relevant 'inside view' metrics from each VM. Once the metrics are collected, the eG agent then communicates with each VM agent and pulls these metrics, without requiring administrator privileges. Refer to Configuring the Remote Agent to Obtain the Inside View of VMs for more details on the eG VM Agent.
Domain, Admin User, and Admin Password, and Confirm Password	By default, these parameters are set to none. This is because, by default, the eG agent collects 'inside view' metrics using the eG VM agent on each VM. Domain administrator privileges need not be granted to the eG agent if it uses this default approach to obtain the 'inside view' of Windows VMs.
Report By User	While monitoring a Nutanix AHV server, the Report By Userflag is set to No by default, indicating that by default, the guest operating systems on the AHV server are identified using the hostname specified in the operating system. On the other hand, while monitoring AHV desktop environments, this flag is set to Yes by default; this implies that in case of VDI servers, by default, the guests will be identified using the login of the user who is accessing the guest OS. In other words, in VDI environments, this test will, by default, report measures for every username_on_virtualmachinename.
Report Powered OS	This flag becomes relevant only if thereport by user flagis set to ‘Yes’. If the Report Powered OS flag is set to Yes (which is the default setting), then this test will report measures for even those VMs that do not have any users logged in currently. Such guests will be identified by their virtualmachine name and not by the username_on_virtualmachinename. On the other hand, if the Report Powered OS flag is set to No, then this test will not report measures for those VMs to which no users are logged in currently.
DD For Total Updates	In large VDI environments where hundreds of Windows virtual desktops have been provisioned, the frequent collection of detailed diagnosis information related to the update details of the virtual desktops may increase the processing overheads of the eG agent, and may even choke the eG database. To avoid this, by default, the DD For Total Updates flag is set to No indicating that this test will not report the detailed diagnostics for the Total Updates Available measure. However, you can set this flag to Yes if you want to collect the detailed diagnostics of the Total Updates Available measure.
DD Frequency	Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.
Detailed Diagnosis	To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled: The eG manager license should allow the detailed diagnosis capability Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

Measurements made by the test

Measurement

Description

Measurement Unit

Interpretation

Are pending updates available?

Indicates whether/not the updates are pending.

The values that this measure can report and the numeric values they indicate have been listed in the table below:

Measure Value	Numeric Value
No	0
Yes	1

Note:

By default, this measure can report the Measure Values mentioned above while indicating whether/not the updates are available. However, the graph of this measure is indicated using the numeric equivalents.

Is a system reboot pending?

Indicates whether the Windows system is rebooted or not.

The values that this measure can report and the numeric values they indicate have been listed in the table below:

Measure Value	Numeric Value
No	0
Yes	1

Note:

By default, this measure can report the Measure Values mentioned above while indicating whether the system is rebooted or not. However, the graph of this measure is indicated using the numeric equivalents.

Windows update service status

Indicates the current status of the Windows update service.

The values that this measure can report and the numeric values they indicate have been listed in the table below:

Measure Value	Numeric Value
Unknown	0
Running	1
Start pending	2
Continue pending	3
Pause pending	4
Stop pending	5
Paused	6
Stopped	7

Note:

By default, this measure can report the Measure Values mentioned above while indicating the current status of Windows update service. However, the graph of this measure is indicated using the numeric equivalents.

Total updates available

Indicates the total number of Windows updates available for the Windows operating system.

Number

The detailed diagnosis of this measure, if enabled, lists the Windows updates available for the system and the categories of the available updates.

Critical updates available

Indicates the number of critical updates available for the Windows operating system.

Number

A critical update is a widely and frequently released update that deals with the specific, non-security related, critical bugs. If these bugs are not fixed quickly, they can cause serious performance degradation, interoperability malfunction or disturb application compatibility.

Important updates available

Indicates the number of important updates available for the Windows operating system.

Number

The important updates help fixing the vulnerabilities using which malware/hackers can exploit the system resources or steal data. This in tun may leave the confidentiality and integrity of the system defenseless and make the user data unavailable.

Moderate updates available

Indicates the number of moderate security updates available for the Windows operating system.

Number

The moderate updates fix a vulnerability whose exploitation can be mitigated to a significant degree by default configuration, auditing, or difficulty of exploitation.

Low updates available

Indicates the number of low security updates available for the Windows operating system.

Number

These updates fix the vulnerability whose exploitation is extremely difficult.

Optional updates available

Indicates the number of optional updates available for the Windows operating system.

Number

An optional update includes Feature Pack and standard Updates, and does not have a severity rating.