When hotfix versions are released for GlobalProtect, since the detection rules look at the registry (which only contains the X.Y.Z portion of the version, ex: 6.2.8) the updates are shown as being already installed in Intune/WSUS. Can future detection rules look at something that includes the revision number, such as the version of the PanGPS executable which includes the release version (ex: 6.2.8.317) or possibly the MSI product ID (if it in fact changes in hotfix releases) so that GlobalProtect hotfixes can be reliably deployed with PatchMyPC?
Thank you
We are working on this; we have found a way to improve the WSUS rules easily enough and will do so in the coming weeks. As for the Intune detection, that will require a major rework on our detection rules, as almost every other product in our catalog provide the full version number in the ARP registry. We've asked customers to reach out to Palo and request the full version number be provided in ARP for easy detection, and they have provided other registry values to key off of instead...