We have ran into issues over the past few months where patch manager reports there are no pending patches. We run patch manager and report in our servers when complete. After a few days security scans are performed, we have a few servers reporting some patches missing even though patch manager reports the servers are up to date. The Client components are the same on the servers in question as the other servers we have deployed patches on. Has anyone else encounter this issue?
Patch manager may have different updates offered than Microsoft Update because of WSUS synchronization settings. When setting up WSUS you have to choose what products and classifications of updates to pull from Microsoft and if you dont have something selected that gets offered in MU then scans (like Nessus) will show that its missing.