Is it possible you didn't include patches in the Patch Group that are installed or missing on the target? Have you verified patches show missing or installed when using a Security Patch Scan template? Please do, then add one of the missing patches to the Patch Group and scan using the Patch Group again. Does the newly added patch show missing?
You should also verify you have the latest Windows Patch Definitions in Help > About.
I have already verified with Security Patch Scan template and see result as below;
I see there's some missing patches but they are only the latest patches;
The patches I'm trying to install with a patch group are old ones such as MS11, MS13, MS15 etc...
Below is the capture of the group I created;
The patch definition looks like the latest.
2 of 2 people found this helpful
By default, our scan engine will only show you the latest applicable patch required on the system. Patch for Windows Servers uses complex detection to determine what is needed or already installed and provides you with a list of patches that are applicable on the system, this includes ignoring old patches that have been replaced by newer patches. If a Security Patch Scan or a WUScan Template doesn't show patch as missing then: (possible causes)
- The patch is replace by a newer patch and the latest applicable patch in the chain is missing. Many of the patches on the list have been replaced by newer patches. There is no need to install the superseded patches if you install the latest in the chain. To disable our supersedence logic, not recommended, go to Tools > Options > Patch and uncheck Use replacement patches.
- The patch is already installed and shows Installed.
- The latest patch in the chain is already installed and the previous patches are Effectively Installed. You would need to create a custom Patch Scan Template and enable detection of Effectively Installed patches to see these patches. This will often show old patches that may not be specifically installed, but are Effectively Installed due to newer patches in the chain be installed.
- We don't support the patch. This is less likely.
- There is a detection issue. This is less likely with older patches.
Knowing our product and how our detection works, I'm positive a Security Patch Scan using the latest data will show what is require on your target machines.
Please let me know if you need me to elaborate.
I understand how this product works.
I may proceed to deploy required patches using Security Patch Scan.
Thanks again for your support!