The only ways to have them not show up in the scan are:
- not scan for Security Tools in your template(s)
- explicitly exclude them from your scans by making a patch group and excluding the group from your template(s)
Since you mentioned that you are not able to do an exception list, I'm assuming you also can't do #1, but unfortunately there isn't another method to do what you're looking for. The only way to not have them show up in your results is to not scan for them or explicitly exclude them.
What is it you have to mitigate? I want to make sure I understand - if there is a reason you don't want to install them, what is the issue with excepting them from your scans?
Just to cover all bases, are they showing up every month in spite being installed? I want to make sure you're not in a loop with the uninstallers those tools both have: Patches That Always Show Missing In Results - Install / Uninstall Loops
Let me know if that helps.
Its regulatory, we have to scan for tools and all applicable patches, etc... So mitigate means, I have to supply judiciary evidence as to why I am not applying the patch that is showing as applicable, its just extra work each month, I was hoping there was an easy way to just delete them or uninstall something from the machines to make these two go away.
MS12-A06 we have already disabled via GPO and in the registry.
Oh sorry didn't answer your one scan, for whatever reason last time I added an exception list it seem to miss some other tools, possibility I setup my exception list wrong?
Yeah, exception lists will only exclude patches included in the excepted Patch Group, so if that's not working as expected, I would definitely recommend opening a case so we can take a look at it. Just let me know if you do and I can make sure I own the case and can ensure you're good to go on this.
The method is basically just:
- Add the patches you want to exclude to a Patch Group
- Create a new Patch Scan Template (or open your existing one to modify it)
- Check the "Exceptions" radio button and check the box next to the Patch Group you just added those patches to
Then any scan performed with that template will then scan with the other options as configured, but explicitly exclude those patches in the Patch Group from showing up in your results.