Export (0) Print
Expand All
2 out of 2 rated this helpful - Rate this topic

Version Detection Logic

It is important to have consistent IsInstalled and IsInstallable version checks for command-line installers, otherwise patches that do not apply may show up as having being installed.

Previous IsInstalled logic

Historically, updates were considered "installable" if they had not been installed on a platform that meets the requirements for the update. This led to a schema with only one element for determining whether or not an update is "installed". If the update was not installed, it was determined to be "installable". Applicability rules then took a form like the following:

If the file is a version that has the fix (installed)

OR

If the file doesn't even exist on the box (not needed)

The XML took the following form:

<lar:Or>
   <bar:FileVersion Csidl="37" Path="\wmp.dll" Comparison="GreaterThanOrEqualTo" Version="9.0.0.3344" /> 
   <lar:Not>
      <bar:FileExists Csidl="37" Path="\wmp.dll" /> 
   </lar:Not>
</lar:Or>

If the expression evaluated to true, the update was not available for installation.

Current IsInstalled/IsInstallable logic

The XML schema for applicability rules has now been expanded to provide more complete update status reports. For example, WSUS reports the difference between "Installed", "Not Installed but Applicable", and "Not Applicable" updates. In order to distinguish between the three states, the rules need to use more than one set of conditions. This led to the addition of a new IsInstallable element to the applicability rules. With this change, "installable" is no longer simply the opposite of "installed".

In addition, Microsoft Update now distributes patches for out-of-band products that span multiple operating system versions and multiple major versions of the product. For example, Windows Media Player versions 8, 9 and 10 have different patches for the same vulnerability covered by the same bulletin. The applicability rules need to say that a given update is installable if, for example, version 9 of Windows Media Player is installed, but it is not installable if version 8 or version 10 is installed. The IsInstallable element should look like the following:

<lar:And >
   <bar:FileVersion Path="\wmp.dll" Comparison="GreaterThanOrEqualTo" Version="9.0.0.2980" Csidl="37" /> 
   <bar:FileVersion Path="\wmp.dll" Comparison="LessThan" Version="10.0.0.0" Csidl="37" /> 
</lar:And>

The reported update status would be as follows:

If IsInstalled then report the update as Installed

ElseIf IsInstallable then report the update as Not Installed but Applicable

Else report the update as Not Applicable

This allows administrators to determine which computers have an update, which computers do not have the update but need it, and which computers do not need it.

Problems in detecting multiple versions of the product

Many out-of-band products have multiple versions (for example, Windows Media Player versions 8, 9, 10) that can be installed on different versions of the operating system. Therefore any version or combination of versions of Windows Media Player might be present on any particular platform. The IsInstalled logic for an update to Windows Media Player 9 might be written as:

<lar:Or>
   <bar:FileVersion Csidl="37" Path="\wmp.dll" Comparison="GreaterThanOrEqualTo" Version="9.0.0.3344" /> 
   <lar:Not>
      <bar:FileExists Csidl="37" Path="\wmp.dll" /> 
   </lar:Not>
</lar:Or>

This logic will not give the correct results. The following are two examples in which this logic is insufficient.

  1. Windows 2000 SP4 ships Windows Media Player 6.4, which does not include a copy of wmp.dll. In that case, the expression <lar:Not><bar:FileExists Csidl="37" Path="\wmp.dll" /></lar:Not> evaluates to true, so the update for Windows Media Player 9 is reported as IsInstalled.

  2. If Windows Media Player 10 is installed on the same platform, the expression <bar:FileVersion Csidl="37" Path="\wmp.dll" Comparison="GreaterThanOrEqualTo" Version="9.0.0.3344" /> evaluates to true, so the update for Windows Media Player 9 is reported as IsInstalled.

In the second example, it is likely that the update for Windows Media Player 10, which covers the same Security Bulletin, is also reported as IsInstalled, adding still more to the confusion.

Faulty detection logic can lead to installation of unneeded (and unapproved) updates or incorrect reporting of update status.

Recommendations for IsInstalled/IsInstallable logic

  1. Use the PopulatePackage methods to start filling in the applicability rules for all types of package.

  2. The IsInstalled element and the IsInstallable element should include the same logic. For example, whenever the IsInstallable logic has a FileVersion check that has an upper and lower bound, the IsInstalled element must also have a FileVersion check that has an upper and lower bound.

  3. Remove the check for the existence of the file in determining whether or not an update IsInstalled. The file version evaluation implies that the file exists.

The final IsInstalled/IsInstallable elements would look as follows:

<IsInstalled >
   <lar:And >
      <bar:FileVersion Csidl="37" Path="\wmp.dll" Comparison="GreaterThanOrEqualTo" Version="9.0.0.3344" /> 
      <bar:FileVersion Csidl="37" Path="\wmp.dll" Comparison="LessThan" Version="10.0.0.0" /> <!-- determined by upper bound in IsInstallable element -->
      <lar:Not>
         <bar:FileExists Csidl="37" Path="\wmp.dll" /> 
      </lar:Not>
   </lar:And >
</IsInstalled >
<!-- no changes here -->
<IsInstallable >
<lar:And >
  <bar:FileVersion Path="\wmp.dll" Comparison="GreaterThanOrEqualTo" Version="9.0.0.2980" Csidl="37" /> 
  <bar:FileVersion Path="\wmp.dll" Comparison="LessThan" Version="10.0.0.0" Csidl="37" /> 
</lar:And>
</IsInstallable >

Example

The following are some examples of applicability rules in different types of update metadata files.

Windows Installer detection logic
<sdp:ApplicabilityRules>
   <sdp:IsInstalled>
        <msiar:MsiApplicationInstalled />
   </sdp:IsInstalled>
   <sdp:IsSuperseded>
        <msiar:MsiApplicationSuperseded />
   </sdp:IsSuperseded>
   <sdp:IsInstallable>
        <msiar:MsiApplicationInstallable />
        "<bar:WindowsVersion Comparison='GreaterThanOrEqualTo' MajorVersion='6' MinorVersion='0' />
   </sdp:IsInstallable>
   <sdp:Metadata>
        <msiar:MsiApplicationMetadata>
        <msiar:ProductCode>{10867FC2-98D9-475F-8099-F14A75180E42}</msiar:ProductCode>
        </msiar:MsiApplicationMetadata>  
   </sdp:Metadata>
</sdp:ApplicabilityRules>
MSP detection logic
<sdp:ApplicabilityRules>
   <sdp:IsInstalled>
        <msiar:MsiPatchInstalled />
   </sdp:IsInstalled>
   <sdp:IsSuperseded>
       <msiar:MsiPatchSuperseded />
   </sdp:IsSuperseded>
   <sdp:IsInstallable>
        <msiar:MsiPatchInstallable />
   </sdp:IsInstallable>
   <sdp:Metadata>
        <msiar:MsiPatchMetadata>
            <mspblob:MsiPatch>
                <mspblob:TargetProduct MinMsiVersion="3">
                <mspblob:TargetProductCode>{17D63289-8917-4a92-BA76-FDFE6E3E176F}</mspblob:TargetProductCode>
                <mspblob:TargetVersion ComparisonType="Equal">7.2</mspblob:TargetVersion>
                <mspblob:TargetLanguage Validate="true">1033</mspblob:TargetLanguage>
                <mspblob:UpdatedLanguages>1033</mspblob:UpdatedLanguages>
                <mspblob:UpgradeCode>{17D63289-8917-4a92-BA76-FDFE6E3E176F}</mspblob:UpgradeCode>
                </mspblob:TargetProduct>
                <mspblob:TargetProductCode>{17D63289-8917-4a92-BA76-FDFE6E3E176F}</mspblob:TargetProductCode>
            </mspblob:MsiPatch>
        </msiar:MsiPatchMetadata>
   </sdp:Metadata>
</sdp:ApplicabilityRules>
EXE detection logic
<sdp:ApplicabilityRules>
   <sdp:IsInstalled>
        <lar:And>
            <bar:FileExists Path="%windir%\sample1.dll" Version="1.0.0.1" />
            <bar:FileExists Path="%windir%\sample2.dll" Version="1.0.0.1" />
        </lar:And>
   </sdp:IsInstalled>
   <sdp:IsInstallable>
         <bar:WindowsLanguage Language="en"/>
   </sdp:IsInstallable>
</sdp:ApplicabilityRules>
Detectoid detection logic

The following applicability rules test whether or not the computer is a Dell computer.

<sdp:IsInstalled>
    <bar:WmiQuery Namespace="Root\CIMv2" WqlQuery="SELECT * FROM Win32_ComputerSystem WHERE Manufacturer LIKE 'Dell%'" />
</sdp:IsInstalled>
Driver detection logic

The following example uses built-in driver detection rules.

<sdp:ApplicabilityRules>
   <sdp:IsInstalled>
        <drv:WindowsDriverInstalled/>
   </sdp:IsInstalled>
   <sdp:IsSuperseded>
        <drv:WindowsDriverSuperseded/>
   </sdp:IsSuperseded>
   <sdp:IsInstallable>
        <drv:WindowsDriverInstallable/>
   </sdp:IsInstallable>
   <sdp:Metadata>
        <drv:WindowsDriverMetaData HardwareID="PCI\VEN_1000&amp;DEV_0408&amp;SUBSYS_00011028" WhqlDriverID="0" Manufacturer="Dell" Provider="Dell" Model="Dell 8200" Company="Dell" Class="Raid" DriverVerDate="2004-07-16" DriverVerVersion="5.48.0.0"/>
        <drv:WindowsDriverMetaData HardwareID="PCI\VEN_1000&amp;DEV_0408&amp;SUBSYS_00021028" WhqlDriverID="0" Manufacturer="Dell" Provider="Dell" Model="Dell 8000" Company="Dell" Class="Raid" DriverVerDate="2004-07-16" DriverVerVersion="5.48.0.0"/>
   </sdp:Metadata>
</sdp:ApplicabilityRules>
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.