In order to identify that a patch has been explicitly installed, several criteria must be met.
•The patch must include a registry key that gets written to the machine on which it will be installed.
Some types of patches do not write registry keys to the system on which they're being installed. Since there is no explicit indication that the patch has been applied, it cannot be determined that the patch was specifically installed at any point in time. To ensure that these systems are up to date, run a scan against the system and ensure that there are no patches that appear as 'Patch Missing.'
•The registry key must exist on the system being scanned.
•All the files in the patch (as defined by the data definition file) that were written to the remote system must be equal to or greater than the file versions recorded in the data file. If any of the file versions on the remote system are below what is expected, the patch is considered not installed even if the registry key is present.