Slow/Inaccurate Kaseya Patch Scans with Windows 7 SP1

To avoid problems with patching Windows 7 SP1 machines,  Virtual Administrator is recommending running both of these agent procedures on all Windows 7 SP1 machines that have older versions of the Windows Update Client.   Those of you that are on VA’s on-prem KServers, can locate the scripts in the VA Scripts-> Patch Deployment folder.  Everyone else can find them on our ClubMSP site.(

“Procedure Windows 7 Slow Patch Scan Part 1 (KB3177467)”

“Procedure Windows 7 Slow Patch Scan Part 2 (KB3172605)”

NOTE:  Both will reboot the end point and need to be run in order – Part1 then Part 2.  If a user is logged in a warning message will appear on the screen warning them their machine will reboot in 5 minute. This is a forced reboot.  They should probably be run after hours.

For most of 2016 Microsoft has been wrestling with a problem causing Windows 7 patch scans to take hours. They have not produced a reliable way to identify the affected machines, or clear guidance on how to correct. If you Google “windows 7 slow patch scans” and you will see what we mean. Slow scan times really shouldn’t affect your ability to patch with Kaseya as long as the results are accurate. However we have seen cases where the patch results were not accurate which makes this a potentially huge problem

We have found installing KB3177467 and KB3172605 should fix the Windows Update Client and alleviate these issues.

The latest WUA version is 7.6.7601.23453 and gets installed with KB3172605. Normally we could use Kaseya to find machines missing KB3172605 and push out the patch to those agents. However because the patch scan results themselves are suspect we can’t.  Therefore we need to find which Windows 7 SP1 machines do not have WUA version 7.6.7601.23453. That information comes from the Kaseya Audit. Our on-prem KServers have a shared view “WUA Missing wuauclt.exe 7.6.7601.23453”

To properly find agents with older Windows Update Client, do the following:

Create a View in Kaseya which filters for:

  1. Under OS Info – OS Select “Windows 7″ and OS Version filter *7601*

Under Applications – Missing Application “wuauclt.exe” and Version equal to “7.6.7601.23453view-old-wua-client

Once this filter is applied you will show only those agents that potentially have the slow scan problem. If either KB is already installed the installation will exit but the machine will still reboot. Each script should complete in a few minutes. You can schedule them through Kaseya but make sure you allow enough time for Part 1 to finish and reboot before running Part 2 (So space them out 20-30 min or so to be safe).

NOTE:   KB3020369 is superseded by KB3177467. Both patches have a known issue where the machine will get stuck showing “Stage 3 of 3” on reboot. The “fix” is to press Ctrl+Alt+Delete to continue to log on. This should not be a problem when using the agent procedure. It does not occur when the KB is installed manually.

Please let us know if you run into any problems, or have any suggestions for improvement.