You will need to configure some posture checks. A very good source of documentation is Cisco's TrustSec guide:
Thank you for rating!
I didn't see how to do the posture checks, I discovered the issue was I was always looking in the "Windows all" group. When I select a specific platform like "Windows 7 (all)" then I see the hotfix checks.
please, did you find how to check the last updates on Windows?
I can not find out how to do this!!
Could you help me about it?
thanks a lot
Hi did you ever find a solution to this problem?
We don't really care about specific updates. We just want to check for windows having the latest updates available - so its also is auto updated instead of us having to manually update with specific updates.
You cannot adopt a manual method to check for missing Windows Update. It is the Windows Update Services (WUAUSERV) that checks for the Windows Update State of a machine using query response mechanism and by checking various files as well as registry settings and whether last update was successfully completed.
Windows update information and settings are at the following path in the registry:
Key Value Pair: NextDetectionTime
You may require to create Registry Condition & Compound Condition. Besides this you can also probe some other values in the above registry key path
So for that matter, You can configure posture validation based on the registry
Optionally, you can configure Windows Server Update Services (WSUS) remediation instead for your posture validation policy. More detailed help is available at the following location: