We have created a report, which lists Active patches of Critical Severity where Detect Status begins with Not (e.g., the patch is not installed on the respective devices). The results of the report are confirmed by browsing the Patch Management Catalog, where missing patches are listed, so the report works fine.

The problem is, we are noticing the detect process is identifying patches as missing, but under Installed Updates on the respective machine, it lists the patch as installed.

Does anyone know what the detect process is integrating to determine if a patch is installed or not?

We have found that if you uninstall the patch from the device's control panel and update the system using Windows Update, subsequent detect scans will recognize that the patch is installed.

Any information/insight on this issue would be greatly appreciated.



Kace patching is a little more stringent on what we considered the patch being "installed" or not, such as .dlls being at required versions, etc.

I would run through this article here and see what the MBSA says:


Answered 08/12/2015 by: brucegoose03
Second Degree Black Belt
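
The difference the answer describes, between an install record and the files actually on disk, can be checked by hand on an affected machine. The script below is an added example, not Kace's detection logic or code from this thread; the KB id, file path and minimum version are placeholders to be replaced with the values from the vendor's file information for the patch in question.

```powershell
# Added example: compare the install record for a KB with the on-disk
# version of a file that the update is expected to replace.
# All three parameter defaults are placeholders, not real values.
param(
    [string]$KbId        = 'KB0000000',                              # placeholder
    [string]$FilePath    = "$env:SystemRoot\System32\example.dll",   # placeholder
    [version]$MinVersion = '0.0.0.0'                                 # placeholder
)

function Get-FileVersion {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric parts; the FileVersion string can
    # carry trailing text that does not parse as a version.
    New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

# Get-HotFix reads Win32_QuickFixEngineering, which does not cover every
# entry shown under Installed Updates, so treat $false as "no record found here".
$listed = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
$actual = Get-FileVersion -Path $FilePath
$fileOk = ($null -ne $actual) -and ($actual -ge $MinVersion)

$verdict = if ($listed -and $fileOk) {
    'Install record and file version agree'
} elseif ($listed) {
    'Listed as installed, but file is missing or below the required version'
} elseif ($fileOk) {
    'File meets the required version, but no install record was found'
} else {
    'No install record and file is missing or below the required version'
}

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    KB              = $KbId
    ListedInstalled = $listed
    File            = $FilePath
    FileVersion     = $actual
    RequiredVersion = $MinVersion
    Verdict         = $verdict
}
```

A result of "Listed as installed, but file is missing or below the required version" matches the symptom in the question: the machine shows the update as installed while a file-version check still reports it missing.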
