Issue
You have some Windows 2012 servers managed by Ivanti EPM.
After running the Patch and Compliance Manager, you notice that very few patches are detected for these client machines.
However, if you run Windows Update manually on one of these servers, a lot of missing patches are detected.
Cause
This issue can have several causes.
Here are the steps to troubleshoot this specific issue.
Resolution
Patch Manager doesn't automatically install all the patches that show up in Windows Update. This topic is covered in more detail in this article:
Issue: Microsoft Hotfixes aren't included by default in Ivanti EPM Security and Patch Manager
To find out which patches are included by default in Patch and Compliance, please see the Ivanti EPM Security Bulletin:
- Make sure that your core server has a valid Patch Management subscription.
- Also check that the Patch Management subscription matches the current version of your core server (for instance 9.5 or 9.6) and is not shown as "expired".
- Make sure that the "Windows vulnerabilities" option is checked in the Patch Manager configuration window and that no error is displayed while downloading the latest definitions.
- Ensure that "Update 1" is installed on the managed Windows 2012 server clients.
Otherwise, the most recent patches for Windows 2012 servers will not be detected by the Ivanti EPM Patch Manager.