When you selected "Critical" was it from the 'Detect only these user criticalities' section?
If so, you should probably uncheck that and use the check boxes under the 'Detect only these patch types or severities' section just below it. You should only use the user criticality check boxes if you are also setting a custom user criticality on patches in Protect.
Hope that helps.
Adam, Yes, I selected from 'Detect only these patch types or severities' as per your screenshot.
This is quite easy for anyone to test, so it would be good to see what others experience.
I just tested a scan template with the settings you mentioned - Product filter of OS and Security patches - Critical selected. It appears to be working as expected, so I was not able to repro your issue.
Make sure your console's patch definitions are getting updated (Help > About to check, Help > refresh files to update) and double check the settings in the custom scan template. Is there any other filtering in place that you didn't mention, or is the 'use replacement patches' option in Tools > Options > Scans disabled?
Yes, all settings are correct. There are two of us looking as we have the same behaviour in prod and a clean vmware lab. We also get the same behaviour when selecting 'important' security updates for W7 from a patch scan template and compare it with default security scan.
As a further test, we have now simply made a copy of the Security Scan Patch template and in the copy, selected OS and Critical security updates only.
The default sacn lists 37 critical missing security patches, whilst the copy lists 52
Can you post a screenshot of the differing results? Otherwise, it may be best at this point to collect trace logs from the Protect console and open a case directly with support.
Yes. We opened a case on Monday. Support came back and I've now sent the logs to Shavlik. Thanks