After recently getting my Patch Manager server up and into Production, I discovered the update KB2798897 kept re-installing on my PC's. It would install successfully but a few seconds later it would be there again. This was happening on all PC's (only 4 'cause I've only just started migrating)
So, looking into various forums I find a few techniques that may help in certain scenarios but weren't helping me. Obviously my issue was different. So I log into the WSUS console and check the patch in there. What I find is that there are two identical patches, but one is expired.
So I resolved the problem by declining the expired patch.
Here are some thoughts on the issue.
1. The Server Cleanup Wizard only declines expired patches that are not approved for deployment. Why not decline all expired patches ? All expired patches have a successor.
2. When I tried to automate the declining of expired patches in Patch Manager using "Decline (scheduled with rules)" I found the rules were not flexible enough to pick the patches based on "Publication State". Maybe I'll raise this as an enhancement request.