Reviewing Missing and Installed Windows Patches
When you navigate to the Patches tab, by default, the patches that are missing on your hosts are shown that were detected using the Patch Management scan.
The patches tab lists three types of patches:
- Automatic - Patch downloadable via the Cloud Agent (Qualys Patchable: Yes)
- Qualys Patchable - Qualys Patchable are the patches that can be installed using Patch Management. Most of the patches listed on the Patches tab are Qualys Patchable.
- AcquireFromVendor - Patch must be acquired from the vendor and installed manually (Qualys Patchable: No)
- AcquireFromVendor - We have certain patches which are listed under the Patches tab but cannot be installed using Patch Management. These patches are marked as "AcquireFromVendor" which means you need to manually download these patches from the vendor website and install them on the host.
Patches that are not marked as "AcquireFromVendor" are defined as "Qualys Patchable" which means they can be added to a patch job.
- Unavailable - Patch download information is not available (Qualys Patchable: No)
The default or custom assessment profile scans the assets for missing and installed patches at regular intervals. This information is then displayed in the patches tab in the form of missing or installed patches.
Note that patches are linked to QIDs using CVE IDs. The QID for a patch is not shown if the QID is not linked to a CVE ID. CVE ID is the common point of linking and required to link the patch with the QID.
Alternatively, you can go to the Assets tab to view the count of missing and installed patches on particular assets.
Sometimes, the count for the missing and installed patches on the Windows tab of the Assets tab might not be correct. The data shown varies based on the latest agent scan. If new patches are made available before the next agent scan, the count might reflect the old patch count.