Applications installed for a local user do not show in the Cytomic Patch pending installation list

When certain applications are installed at the local user level but not for all users on the computer,Cytomic Patch doesn’t detect them. Therefore, they don’t appear in the list of pending patches for installation and the application needs to be added manually.

Some of the most common applications we see this with are:

• Zoom Client for Meetings
• Microsoft Teams
• Google Chrome
• Slack
• RingCentral
• Fiddler
• Opera
• WinSCP

In this article, we will use Zoom as an example, but it’s the same for any other program.

If you visit Zoom’s website to install their meeting app, you are offered ZoomInstaller.exe by default. After execution, the program shows up as installed in Control Panel:

However, when scanned, this machine shows no Zoom patches at all, installed or missing:

This is because the exe installer does not lay down any registry keys in the HKEY_LOCAL_MACHINE (HKLM) hive, only HKEY_CURRENT_USER (HKCU), and it is installed within the user directory (C:\Users\\AppData\Roaming\Zoom\bin). Our scan engine is only able to query the machine-wide hive, so it will never see any evidence that the application is installed.

To be able to detect an application properly, it needs to be installed machine-wide (specifically, registry keys are laid down in HKLM and the application runs out of a central installed location rather than a user’s profile). Often this requires searching specifically for an msi installer or one the can deployed/managed from a central location.

To continue with the Zoom example, we can see the difference when we use ZoomInstallerFull.msi, available deeper on their site on a download page for all of their installers. After running that installer, we see a folder structure built out in “C:\Program Files (x86)\Zoom” instead of AppData, registry entries laid down in HKLM instead of HKCU, and we can now detect the installation as expected when scanning: