jhusd
commented
4 months ago I believe I found the issue with the WSUS parameter not working. In the powershell script (Get Available Windows Updates.ps1) the portion of code evaluating the parameter ($WSUS) was calling the wrong update service:
If ($WSUS) { $GWU = Get-WindowsUpdate -WindowsUpdate
From what I read here (https://gist.github.com/cfebs/c9d83c2480a716f6d8571fb6cc80fd59) the correct call to use WSUS was this: $GWU = Get-WindowsUpdate -ServiceID '3da21691-e39d-4da6-8a4b-b43877bcb1b7'
So I changed it in the code and it actually worked!
I've deployed this scanner in our test environment which includes a WSUS server and endpoints setup to use WSUS for updates. It doesn’t appear that the scanner is taking WSUS into account. The results it’s return includes updates which are not approved in WSUS. Such as the VMware Display driver in the screenshot. I've setup the scanner with the -wsus parameter in place (see screenshot).
