I've really noticed this since the switch to the Next Gen patching. I now have several machines that show under their "missing patches" rules that have "DETECT" in their name but have no repair action. For example, last months "MS18-02-SO7_INTL" vulnerability has 6 rules in it. Three appear to be actual patches, while three have no download associated with them and no repair action. If I scan this vulnerability against machines, they detect the "DETECT" rules, but not the actual installs. So I end up with something like this:
Why is it not actually installing anything, and how can I determine what needs to be done here? Here's the actual vulnerability properties:
