Monitor for Missing Patches

N-central monitors missing patches using the Patch Status v2 service, which operates as part of the endpoint agent. The Patch Management Engine (PME) communicates directly with the Windows Update Agent (WUA) to detect available and missing patches, then passes this data to the agent, which updates the Patch Status v2 service. This setup allows N-central to report patch status accurately, while Patch Status v2 itself performs no patch scans or installations.

The Patch Status service shows the following information:

Total missing patches

Displays the total number of Microsoft and supported third-party patches that the device requires but has not yet installed.

  • Excludes superseded patches to avoid false positives.

Patches installed with errors

Flags patches that attempted to install but failed.

  • Requires administrators to investigate and remediate through patch troubleshooting workflows.

Missing patches by category

Groups missing patches by type, such as security updates, critical updates, or feature updates.

  • Allows prioritization of high-impact security patches.

Missing patches older than a user-specified number of days

Highlights patches that remain uninstalled beyond an administrator-defined age threshold.

  • Identifies devices that may be out of compliance.

Patches missing but not yet approved

Shows patches identified by WUA as missing but still pending approval in N-central (manual or automatic).

  • Keeps these patches in the missing list until approval occurs. These unapproved patches represent a critical blind spot in many organizations' security posture, as they may include high-risk vulnerabilities that are not yet scheduled for remediation.
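
To cross-check these figures on a single Windows device, the following added example (not N-central or PME code) queries the WUA COM API directly and summarizes missing updates by total, category, and age, plus installs recorded as failed in the WUA history. The `$MaxAgeDays` parameter and the output layout are assumptions; the script sees only what WUA reports, so third-party patches and N-central approval state are outside its scope.

```powershell
# Added example: reads the local Windows Update Agent (WUA) through its COM API.
# It does not contact N-central or PME. $MaxAgeDays is a hypothetical age threshold.
param([int]$MaxAgeDays = 30)

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
# Keep potentially superseded updates out of the results (also the WUA default).
$searcher.IncludePotentiallySupersededUpdates = $false

# Updates applicable to this device that are neither installed nor hidden.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0")
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$MaxAgeDays)

$missing = @(foreach ($u in $result.Updates) {
    [pscustomobject]@{
        KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Severity   = $u.MsrcSeverity
        Released   = $u.LastDeploymentChangeTime   # UTC
        Overdue    = $u.LastDeploymentChangeTime -lt $cutoff
        Categories = @($u.Categories | ForEach-Object { $_.Name })
        Title      = $u.Title
    }
})

"Total missing (WUA view): {0}" -f $missing.Count
"Missing longer than $MaxAgeDays days: {0}" -f @($missing | Where-Object { $_.Overdue }).Count

# Missing patches by category; one update can belong to several categories.
$missing | ForEach-Object { $_.Categories } | Group-Object |
    Sort-Object Count -Descending | Select-Object Count, Name

$missing | Sort-Object Released |
    Format-Table KB, Severity, Released, Overdue, Title -AutoSize

# Installs that WUA recorded as failed (4) or succeeded with errors (3).
$total = $searcher.GetTotalHistoryCount()
if ($total -gt 0) {
    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -in 3, 4 } |
        Select-Object Date, ResultCode, @{ n = 'HResult'; e = { '0x{0:X8}' -f $_.HResult } }, Title
}
```

A device whose local count differs from the Patch Status v2 figure is worth a closer look at its agent and PME state before trusting either number.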