Table of Contents

• Overview

• Stage 1: Job Creation Details Captured

• Stage 2: Identifying the Type of Remediation

• Stage 3: Initial Status Update and CRE File Download

• Stage 4: Collection of Excluded Assets

• Stage 5: Patch Collection Stage

• Stage 6: Windows Update Search Stage

• Stage 7: Installed Patch Collection Stage

• Stage 8: Remediation Preparation Stage

• Stage 9: Download and Installation Phase

• Stage 10: End of Remediation

• Stage 11: Final Scan Stage

• Conclusion

Overview

This document explains the backend workflow that occurs when a remediation job is initiated. Please check  each stage of this process and it is crucial in identifying and debugging incase if there are any errors.

Stage 1: Job Creation Details Captured

As soon as the remediation job is created, the following details are captured:

• Job Name

• Creation Timestamp

• Remediation ID

These help in tracking the remediation activities effectively.

Stage 2: Identifying the Type of Remediation

The system identifies whether the creation is:

• A Remediation Job, or

• A Remediation Rule.
  

Stage 3: Initial Status Update and CRE File Download

• The current status of the job is immediately sent to the server.

• Note: It may show as "Success" in the below screenshot, but , it will initially be "Ongoing", in this stage

• 
  

• CRE files (XML configuration files) required for remediation are downloaded at this stage.

Internal validation should confirm that all necessary CRE files are retrieved properly.

Stage 4: Collection of Excluded Assets

In this phase:

• The system collects and verifies excluded assets or patches.

• Updates the remediation status to the server once again.

This ensures that any excluded assets are not remediated.

Stage 5: Patch Collection Stage

The system verifies:

• If any of the targeted patches are already installed.

• If so, remediation for that particular patch is terminated and this will not proceed further
  

Stage 6: Windows Update Search Stage(The Crucial stage)

A Windows Update search is triggered:

• This will use the windows update components present like the windows update search, windows update API to collect the metadata and identifies the patches to be downloaded
  

Stage 7: Installed Patch Collection Stage

• Information regarding already installed patches is collected again.

• This stage provides the details regarding installed patches

Stage 8: Remediation Preparation Stage

During preparation:

• The system checks for any pre-remediation scripts.

• Verifies what kind of remediation is to be performed.

• Captures the asset details selected for remediation.

Example log entry:

2025-04-28 04:16:34.136(-07:00) [3912:7072:I] Application 'Microsoft SQL Server 2019' selected for remediation.

Stage 9: Download and Installation Phase

In this phase:

• Required patches or applications are downloaded.

• Installation activities are executed 

Stage 10: End of Remediation

Upon completion:

• The system records whether the remediation was successful or failed.

• Relevant messages are uploaded to the server (Viser) for the customer to view the status

Another log trace 

Stage 11: Final Scan Stage

At the end:

• A complete scan is triggered, covering:

  • Installed/missing patches,

  • Vulnerabilities,

  • Compliance checks, and more.

During this time, the status in PM → Status page will show as "Verifying Remediation" until the scan is fully completed.

Conclusion: 

Following these stages closely helps in identifying where exactly an issue might occur during the remediation process — whether it is during patch collection, Windows Update search, or another stage. Having a comprehensive understanding of each step greatly assists in faster debugging and resolution of remediation-related issues.