[ZBXNEXT-5707] Add template Windows updates check (Windows registry monitoring) Created: 2020 Jan 22  Updated: 2025 Jun 12  Resolved: 2025 Jun 12

Status: Closed
Project: ZABBIX FEATURE REQUESTS
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: New Feature Request Priority: Major
Reporter: Ivan Degtyarev Assignee: Zabbix Development Team
Resolution: Duplicate Votes: 24
Labels: None
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: Not Specified Time Spent: Not Specified
Σ Original Estimate: Not Specified Original Estimate: Not Specified

Attachments: JPEG File winupdate.jpg    
Issue Links:
Duplicate
is duplicated by ZBXNEXT-8900 Official Windows update Template moni... Closed
Sub-Tasks:
Key
 Summary
 Type
 Status
 Assignee
ZBXNEXT-7594 Frontend changes for Windows registry... Specification change (Sub-task) Closed Dmitrijs Goloscapovs  
ZBXNEXT-7732 Windows registry monitoring Specification change (Sub-task) Closed Dmitrijs Goloscapovs  
Team: Team INT
Sprint: Sprint 86 (Mar 2022), Sprint 87 (Apr 2022)

 Description   

Create linked template (Template OS Windows by Zabbix agent and Template OS Windows by Zabbix agent active) to check the date of the last update installation on Windows.

In Zabbix Roadmap:

Security and compliance monitoring

  • Standard templates will be enhanced to contain security- and compliance-related monitoring

Example item key: system.run["PowerShell.exe [int][double]::Parse((Get-Date((Get-ItemProperty -Path Registry::'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install').LastSuccessTime) -UFormat %s))"] 
But you can think about implementing it without powershell.
 
You can also make a check to check the status of the firewall.
 

 Comments   
Comment by Ivan Degtyarev [ 2020 Jan 22 ]

In Inherited and template macros, create Macro with Effective value for redefine the number of days without installing updates

Comment by Alexei Vladishev [ 2020 Jan 31 ]

It sounds like a great idea, let us check if it can be implemented without use of system.run.

Comment by Alexei Vladishev [ 2022 Apr 08 ]

Just a quick status update. We are about to start development of this functionality, aiming for Zabbix 6.2.

Comment by Dmitrijs Goloscapovs [ 2022 May 19 ]

Development of new metrics (without template changes) for monitoring of Windows registry was moved to ZBXNEXT-7732.

Monitoring of Windows updates using registry seems not to provide real latest info about updates. Sources other than registry should be considered.
Some categories of updates are being installed, but they do not change a timestamp in registry (for example, KBxxxxx updates for Windows Defender, UWP apps, drivers). In such cases eventlog will contain records about successfully installed updates (with event ID 19, and source as WindowsUpdateClient), but timestamp in registry will not be changed. Judging by this fact, Eventlog can be the right source, as WMI behaves similarly to registry. However, eventlog monitoring is available only as active check.

Windows registry monitoring metrics are available in:

Comment by dimir [ 2023 Dec 18 ]

While implementing registry monitoring was mentioned above this is not what was asked for (Windows Update monitoring). Keeping this open.

Generated at Wed Jul 16 10:20:51 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.