An example on this situation is the patch: 2021-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5003220) which is not offered via Windows Update and if the patch is sent for detection in Kace SMA and it is not installed in the device it will get as detect results NOT PATCHED. This situation is by design as Kace SMA runs detection based on its signature, this means the results for the detect phase are independent for each patch with 3 possible results:
Microsoft offers the patches in different release channels: Windows Updates, Microsoft Update Catalog and WSUS on which Windows Updates is more intended to run automatically and the patches advertised will be only what Microsoft decides to distribute for general availability. Other patches like "security Only" patches would be available though other channels apart from Windows Update such as Microsoft Catalog (to download and deploy manually) or WSUS.
These patches are still active and not superseded (even though they might be old) and if deployed they will be applicable that's the reason why when detected with Kace SMA the results are NOT PATCHED.
Release channel Table for "Security-only" updates and "Cumulative security update for Internet Explorer" shows as follows in Microsoft site for the patches description:
For additional information about the different types of Updates see below link to Microsoft Documentation:
Description of the standard terminology that is used to describe Microsoft software updates
Kace Support recommendations:
Additional information about Kace Patching best practices and concepts can be found in the link below:
KACE SMA Patching Best Practices
For additional assistance please contact Support
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Feedback 使用条款 隐私 Cookie Preference Center