KACE Patching VS Windows - How does this work?
Howdy,
Our Servers are patched by an MSP, but I like KACE to run scans and do detection on them.
Today I decided to check a system manually since I haven't in a while and ran windows update. No critical updates needed and was up to date according to Microsoft Windows Update. As it should be when the MSP is patching.
However when I look at KACE it was stating that 38 patches needed to be applied to the system. Why is there a discrepancy when Windows Updates on the system is empty? Are there settings in KACE I need to change/correct? Anything I should look at it? I'm a little confused by this and it's throwing off my patch compliance numbers.
Below is an example of some of the patches that needed to be updated.
2081 Security Update for Windows Server 2012 R2 (KB2928120)
2082 Security Update for Windows Server 2012 R2 (KB3082089)
2083 2019-10 Update for Windows Server 2012 R2 for x64-based Systems (KB4519108)
2084 2020-05 Update for Windows Server 2012 R2 for x64-based Systems (KB4557900)
2085 2020-09 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4576489)
2086 2020-09 Update for Windows Server 2012 R2 for x64-based Systems (KB4566371)
2087 2020-10 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4580469)
2088 2020-10 Update for Windows Server 2012 R2 for x64-based Systems (KB4578623)
2089 2021-02 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB4602960)
2090 2021-02 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4601349)
2091 2021-03 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5000853)
2092 2021-04 Update for Windows Server 2012 R2 for x64-based Systems (KB4601275)
2093 2021-04 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5001393)
2094 2021-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5003220)
2095 2021-06 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5003681)
Update:
I ran a KACE Report on Missing patches grouped by device, it stated that 38 patches were missing for my test machine. After patching that number changed to 34. I've since ran a wide open "all patches" patch schedule and it has now reduced it to only 1, a windows defender definition update. As I said I use an MSP for patching our servers and they only patch critical items which is understandable. I'm just rather confused as to this behavior I'm noticing of Windows Update, vs KACE Patching these are all Windows Updates and not 3rd party ones also.
Answers (2)
What version of the SMA?
What version of the Agent is installed on these devices?
Comments:
-
Version 12.0.149 and the agent is 12.0.38 - omorganx 2 years ago