Monitor for Missing Patches

Installing a Windows Agent on a device automatically adds the Patch Status v2 service. This service queries the local Windows Update Agent (WUA) to identify missing Microsoft and third-party application patches. The Patch Status service shows:

Total missing patches

Displays the total number of Microsoft and supported third-party patches that the device requires but has not yet installed.

  • Excludes superseded patches to avoid false positives.

Patches installed with errors

Flags patches that attempted to install but failed.

  • Requires administrators to investigate and remediate through patch troubleshooting workflows.

Missing patches by category

Groups missing patches by type, such as security updates, critical updates, or feature updates.

  • Allows prioritization of high-impact security patches.

Missing patches older than a user-specified number of days

Highlights patches that remain uninstalled beyond an administrator-defined age threshold.

  • Identifies devices that may be out of compliance.

Patches missing but not yet approved

Shows patches identified by WUA as missing but still pending approval in N-central (manual or automatic).

  • Keeps these patches in the missing list until approval occurs. These unapproved patches represent a critical blind spot in many organizations' security posture, as they may include high-risk vulnerabilities that are not yet scheduled for remediation.
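
To cross-check the figures above on a single device, the local WUA can be queried directly. The following PowerShell script is an added example, not N-central's Patch Status v2 code; it assumes patch age is measured from WUA's `LastDeploymentChangeTime`, uses a hypothetical `$MaxAgeDays` parameter, and reports only what the local WUA returns (approval state is held in N-central and is not visible here).

```powershell
# Added example: read missing-patch metrics straight from the local WUA.
param(
    [int]$MaxAgeDays = 30   # assumed threshold; use the value from your policy
)

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# WUA leaves superseded updates out of the results unless this is $true.
$searcher.IncludePotentiallySupersededUpdates = $false

# Applicable software updates that are neither installed nor hidden.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$MaxAgeDays)

$missing = @(foreach ($u in $result.Updates) {
    [pscustomobject]@{
        Title      = $u.Title
        KB         = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Categories = ($u.Categories | ForEach-Object { $_.Name }) -join '; '
        Severity   = $u.MsrcSeverity
        Released   = $u.LastDeploymentChangeTime   # UTC
        Overdue    = ($u.LastDeploymentChangeTime -lt $cutoff)
    }
})

"Total missing patches: $($missing.Count)"
"Missing older than $MaxAgeDays days: $(@($missing | Where-Object Overdue).Count)"

# Missing patches by category (one update can sit in several categories).
$result.Updates |
    ForEach-Object { $_.Categories | ForEach-Object { $_.Name } } |
    Group-Object | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Oldest first, so the longest-outstanding patches are reviewed first.
$missing | Sort-Object Released |
    Format-Table Title, KB, Severity, Released, Overdue -AutoSize

# Patches installed with errors: WUA history entries with ResultCode 4 (failed).
$count = $searcher.GetTotalHistoryCount()
if ($count -gt 0) {
    $searcher.QueryHistory(0, $count) |
        Where-Object { $_.ResultCode -eq 4 } |
        Select-Object Date, Title, @{ n = 'HResult'; e = { '0x{0:X8}' -f $_.HResult } } |
        Format-Table -AutoSize
}
```

A count that differs from the dashboard is a prompt to check when the agent last scanned and whether the device and the dashboard are using the same update source.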