BigFix Showing Relevant Patches but Windows Shows Up To Date

Long story, but the BigFix environment that I am managing has gotten extremely behind on Client patching. In order to catch up, the team decided to turn on Windows Updates to quickly install all of the updates.

After going through a series of updates, Windows is showing the client as being up to date. However, BigFix says that there are 31 Relevant Microsoft patches for the machine.

Here are the details of the client and the environment -


Hardware - HP
OS - Windows 7


Version -

Photo shows the relevant patches in BigFix

Any ideas as to why there is this difference? I would appreciate the help!


Hi Josh,

First of all, I suggest making sure the computers have been restarted after Windows Update patched them.

Next I would focus on the Category of these Fixlets.

For Hotfix and Undo Workaround, they won’t be offered by Windows Update, and they are usually not required to install unless there are specific needs. You can safely ignore those Fixlets.

For other categories, I suggest that you start from “Security Update”, which is the most important. Pick a computer that’s reported relevant for one of the Security Update Fixlets and perform an MBSA scan to see whether the Security Update is really needed. If it’s not reported by MBSA, and the Fixlet stays relevant, try downloading the patch and installing it manually. If the manual install fails, it’s a false positive issue of the Fixlet and I believe you can open a PMR to report the issue.

Hope the above helps, and let me know if I can explain further.
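
A local check for the first triage steps in the reply above (restart state, then whether a given update is actually present), as an added example that is not part of the original thread. The KB numbers are placeholders to be replaced with the ones named in the relevant Fixlets, and the function names are hypothetical; the script is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: placeholder KB IDs, replace with the KB numbers
# shown on the Fixlets that BigFix still reports as relevant.
$KbIds = @('KB0000001', 'KB0000002')

function Test-PendingReboot {
    # Markers Windows leaves behind while a restart is still outstanding.
    $cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wua = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

    # PendingFileRenameOperations can also be set by non-update installers,
    # so it is reported separately rather than treated as conclusive.
    $sm  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
    $pfr = ($sm -ne $null) -and ($sm.PendingFileRenameOperations -ne $null)

    New-Object PSObject -Property @{
        ComponentBasedServicing = $cbs
        WindowsUpdateAgent      = $wua
        PendingFileRename       = $pfr
        RebootPending           = ($cbs -or $wua -or $pfr)
    }
}

function Get-KbStatus {
    param([string[]]$Ids)

    # Get-HotFix reads Win32_QuickFixEngineering. Updates that are not
    # registered there show up as "False", so treat False as
    # "verify further", not as proof the patch is missing.
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })

    foreach ($id in $Ids) {
        New-Object PSObject -Property @{
            KB        = $id
            Installed = ($installed -contains $id)
        }
    }
}

Test-PendingReboot | Format-List
Get-KbStatus -Ids $KbIds | Format-Table KB, Installed -AutoSize
```

If `RebootPending` is true, restart the machine and let the BigFix client re-evaluate before investigating individual Fixlets.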