So first let me lay out my environment, we have some internal programs that require Java JDK8 and the standlone JRE to co-exist on one machine. It seems that Automox will find one of the JRE’s and correctly report it / remediate it. However, if the standalone + embedded both exist on one machine, it won’t correctly find both out of date JRE’s and patch. It will pick seemingly one random one and patch that, and call it good. This causes our vuln scanner to correctly find an out of JRE and alert on it.
TL;DR: Two instances of JRE live on one machine, AM will find and patch one of them, but not the other.
Not sure a way around this, or if this is even supported to have multiple “patchable” apps with the same name? Trying to see if anyone else has this issue or any workarounds.