Sometimes Kaseya Patch Scan detects updates which are not detected using the Windows Update website on the same machine, or vice versa - why does this happen?
This is due to the different Microsoft data sources used by Kaseya and the Windows Update application: -
1) The Windows Update site uses the "Windows Update Catalog" by default. Kaseya uses a Microsoft API to access the "Microsoft Update Catalog",which is more comprehensive than the Windows Update Catalog, covering more products.For this reason, it is common for Kaseya to detect updates that are not reported by the Windows Update website. Windows Update can be upgraded to "Microsoft Update" within the Control Panel application or on the Windows Update website (depending on the OS).
2) Sometimes, when a machine cannot access the Microsoft Update Catalog (usually because of proxy / firewall issues), we use an alternate source - WSUSSCN2.CAB file. The scan engine will use this CAB file to perform a patch scan. This alternate scan data source only includes high priority updates (security bulletins, critical updates, update rollups) and some service packs. It does not include optional updates (updates, feature packs, tools) and some service packs. If a machine uses this source for its patch scan, then it is likely that Kaseya will detect fewer patches than Windows Update website.
To determine whether the Microsoft Update Catalog or the WSUSSCN2.CAB file were used for a particular scan, look at the pending scripts tab in the single machine interface. Check the Status column in the Script History table for "WUA Patch Scan 2" - "Success THEN" indicates the Microsoft Update Catalog was used to perform the scan while "Success ELSE" indicates the alternate data source (WSUSSCN2.CAB) was used. If the WSUSSCN2.CAB data source was used, check the script log for a log entry reporting a scan error. Use that error to determine why the primary source could not be accessed.
3) Machines with an OS older than Windows 2000 SP4 will use a legacy patch source which is less comprehensive than either the Microsoft Update Catalog or Windows Update.
4) Kaseya does not report device drivers or signature definition files for Windows Defender whereas the Windows Update site does.
In summary: -
- on a machine running Windows 2000 SP4 or later OS which uses the primary data source, the Kaseya patch scan will be more comprehensive compared to a Windows Update scan (with the exception of device drivers and Defender signature definitions)
-on a machine running an older OS, or using the alternative data source, a Windows Update scan will be more comprehensive
Kaseya Patch Management (v4.8.1 and above)