This content has been marked as final. Show 1 reply
I am assuming that you are refering to the vulnerability addressed by KB953155 (Q953155). The scan detection logic will vary based upon operating system (e.g. which edition of Windows Server 2003 you are scanning). If you look to the Patch Information tab when selecting the missing patch in the scan results, you should see the reason for which the patch is identified as missing (e.g. file version is less than expected).
When scanning for patches, NetChk Protect looks to the affected files and registry entries to identify the existence of the pertinent vulnerability. Even though IIS may not be installed, the affected files are likely present, and would thus require patching in order to mitigate the vulnerability.