So there's a few things going on here. The first patch, under MSWU-599, is being offered because the affected product is actually Windows Server 2008 R2, not .NET. There are some patches for various programs (often .NET, critical flash updates, IE) that are considered an OS patch, due to the particulars of that patch itself. Because filtering is per product, an OS patch that resolves a .NET vulnerability won't be excluded when you exclude .NET.
For the second issue, KB3197044 isn't in our patch catalog, which is why it's not being offered. I can see it was released in December, so we may not have yet put it through our QA process. I'll see if it's already on the backlog of patches to support, and if we can add it if it's not.