Windows Update Settings
The Windows Update Settings control the behavior of the Windows Update Agent (WUA) used by Software Vulnerability Manager and the Software Vulnerability Manager Agent (csia.exe) to retrieve update information on Windows and other Microsoft products. Each update setting is further explained below.
Use a managed Windows Update server
The csia.exe agent will request a check for updates through an enterprise managed WSUS instance. On machines not configured through WSUS, this check for updates will result in the error: 0x80244011 "WUServer policy value is missing in the registry".
Use the official Windows Update server
The csia.exe agent will request a check for updates through the public Windows Update server. This check will only return updates related to Windows.
Use the office Microsoft Update server
The csia.exe agent will request a check for updates through the public Windows Update server. This check will return a superset of the "Windows Update server" results that include Windows updates and updates for Microsoft products such as Office (non App-V, non App-X installs only) and MSVC redistributables.
Use offline method: path to .CAB file
You should implement the .cab file scanning of windows update for clients that are not connected to the Internet and cannot access WSUS or MU/WU. In such situations Microsoft provides a .cab file that can be used to scan the system. There are limitations to this feature:
• | You are responsible for placing the file in a location accessible by Windows Update Services. The file must be on the local file system; placing the file on a shared drive is not supported by Windows Update Services. |
• | The alternate scan data source (.cab file) only includes high priority updates (security bulletins, critical updates, update rollups) and some service packs. It does not include optional updates (such as updates, feature packs, and tools) and some service packs. If a machine uses this source for scanning, then it is likely that fewer patches will be detected. |
• | Software Vulnerability Manager should be run as administrator. |
For the Windows Update Proxy Settings, select “Do not use a proxy server for the Windows Update Agent”.
Enable WMI Check
Agents can be configured to include security updates from SCCM in the scan data. This feature can be used along with an existing missing security update collection or as the only source for missing knowledge base information.