Patch Reporting for Adobe Flash = Broken?

Valued Contributor II

I just realized that Patch Reporting for Adobe Flash Player is no longer working.

After the recent update (which patched last week, which in-turn patched in May), I realized that Patch Reporting is no longer working. My JSS has no idea regarding which Macs are up to date and which Macs are not. Never seen this behavior before.

JSS version 9.93
Patch Reporting "sees" that is the most current version available.
Policy, Patch Reporting and the related Smart Groups have been working great for almost a year. Nothing has changed (other than the Flash version itslef). No issues until now.
Inventory is working correctly. The Plug-Ins section of JSS computer records correctly shows the version of Flash (my Macs currently have either or, but Patch Reporting is confused.

As a test, I I flushed the logs on the Policy and verified the integrity of my pkg installer, and double checked all my settings. Everything looked perfect. I ran recon on a few Macs to see if the JSS would properly determine what Macs were out of date. No luck.

I rebuilt the following items from scratch:

-Patch Reporting
-Smart Group
-Adobe Flash Player package installer (from an AutoPKG recipie)

After rebuilding all of the items above, the JSS still has no idea about Flash versions (shows "0" installed/not installed or "unknown version")

My workaround was to delete both the Patch Reporting Title and Smart Group again, and build a new Smart Group with the older-style critiera of

-Plug-in TItle -HAS- Flash Player.plugin
-Plug-In Version -IS NOT-

This "old-fashioned" method working for me now. I wont relace it with "modern" Patch Reporting until I determine what happened.


(Edit - meant to tag it with Flash Player, but selected Firefox by mistake)


Contributor II

Yes - change the smart group rule

From: Plug-in TItle -HAS- Flash Player.plugin Plug-In Version -IS NOT-

To: Plug-in TItle -HAS- Flash Player.plugin Plug-In Version -NOT LIKE-

The reason for this is that: "IS NOT" is trying to do a numeric comparison…
and "" is not a number… it's a string…

So you need to use the string comparator, which is: " LIKE / NOT LIKE "

Since we are specifying: "" it will be doing an EXACT String comparison…
which is what you want.

Where as if we specify: "NOT LIKE" 26.0 - that is not exact, and would provide only a fuzzy match
matching almost any Vn 26..
Although I would choose the exact form: a full string match on:, that way something like would not match, and only precisely would match.

Valued Contributor

The JSS should be able to handle this with "Patch Reporting: Adobe Flash Player" <less than>"

Flash is one of the natively-supported patch reporting titles, therefore it can handle "greater/less than"

I'd re-recon all systems if possible and let it re-generate the data if necessary.

Esteemed Contributor III

We haven't used this feature yet but would assume it is aware of version history?


Valued Contributor

Yes - for the titles supported, it tracks the versions and will let you apply "less than/greater than" logic to them for your smart groups. Working fairly well for us so far, only complaint is that the list of supported titles doesn't cover everything in our environment.

Valued Contributor II

In past versions of the JSS, we would have to run an extension attribute to gather the current version of Adobe Flash Player. Now the JSS does this natively.

If you are running 9.93+, I'd second @Taylor.Armstrong's suggestion: change your smart group criteria to "Patch Reporting Version" and set the version number there, as this allows for more intelligent version comparison.

Valued Contributor II

Thanks everyone.

Sorry if I wasnt clear: My point of this post is that Patch Reporting (for Adobe Flash Player specifically) is now "broken" on my JSS for some reason. It just happend in the last week (around the time or dropped).

I had no choice but to resort back to an old-school method of tracking Flash versions until I can determine what went wrong with Patch Reporting - and fix it.

You can see in my screenshots below that my JSS thinks none of my managed Macs arent running ANY version of Adobe Flash. This is not correct . They are running version or A few IT Macs have as well. But my JSS has no clue.

Other Patch Reports are runing fine (Firefox, Office 2016 apps, Java 8, etc).



Valued Contributor

Thanks Dan - I DID wonder if I was mis-understanding the issue. Have you re-run inventory? This sounds potentially like something screwed up in the database.

FWIW, I just pushed out to production today. I can confirm that patch reporting IS working as expected for me - showing 46% of machines on latest version so far.

Valued Contributor II

@dstranathan : if you just cleared and reset the patch reporting item, it takes the server a few minutes to calculate the information. We have 8,000 Macs and I had "zero" Macs show up. So I waited a couple of minutes and refreshed. Does refreshing this page do anything?

New Contributor II

Having the same problem here. Patch reporting is not working anymore, though we haven't changed anything. Our problem started around the same time. All Flash versions are being reported as "unknown" here, though.

Valued Contributor II

Patch Reporting is still not 100% accurate for my environment (Jamf 9.99 here). I'm back to using 'home-made' EAs for my Flash and Java patching. I don't have a warm n fuzzy feeling about Jamf's Patch least not yet.

Contributor III

Know this is an old thread, Just set up patch reporting for Adobe Flash and it only reports it on 7 computers total. My "is installed" smart group shows 126, so wondering if this is related. Right now I'm doing a hybrid approach to try and get flash up to date, curious if going through a cycle of getting other users up to date will help with this.

Valued Contributor

@strayer If you force a recon to gather inventory on systems it will make the patch management numbers catch up to your smart group numbers more quickly. Some sort of extension runs when you enable each patch management title. These extensions to gather the information for patch management were not running at each recon before the enabling of the patch management title.