Symantec Endpoint Protection's (SEP) Host Integrity feature has the ability to check for an installed Microsoft patch or hotfix by KB number. However, there are instances in which the Host Integrity check will fail, even when the patch is listed as installed under the 'Installed Updates' Control Panel interface.
The SEP Security Log shows "Host Integrity check failed" entries for patch requirements. For example:
Host Integrity check failed
Requirement: "Patch requirement - KB3207752" failed
Requirement: "Patch requirement - KB3181988" passed
Host Integrity uses a Windows Management Instrumentation (WMI) query to get the list of installed Microsoft patches and hotfixes. That query runs against the Win32_QuickFixEngineering class. According to Microsoft, this class "returns only the updates supplied by Component Based Servicing (CBS). These updates are not listed in the registry. Updates supplied by Microsoft Windows Installer (MSI) or the Windows update site (http://update.microsoft.com) are not returned by Win32_QuickFixEngineering".
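To confirm on an affected client that a failing requirement is caused by this limitation, compare what Win32_QuickFixEngineering returns with the Windows Update Agent history. The following PowerShell is an added diagnostic example, not Symantec code; it uses the two KB numbers from the log excerpt above, and the variable names and report columns are assumptions made for illustration.

```powershell
# Added diagnostic example, not Symantec code.
# KB numbers are the two from the Security Log excerpt on this page.
$KbIds = @('KB3207752', 'KB3181988')

# Source 1: the WMI class that the Host Integrity patch check queries.
$qfeIds = @(Get-CimInstance -ClassName Win32_QuickFixEngineering |
    Select-Object -ExpandProperty HotFixID)

# Source 2: Windows Update Agent (WUA) install history, read through COM.
# It only covers updates installed through the agent and does not
# reflect a later uninstall, so treat it as supporting evidence.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { @($searcher.QueryHistory(0, $total)) } else { @() }

$report = foreach ($kb in $KbIds) {
    $pattern = '\b' + [regex]::Escape($kb) + '\b'

    # Operation 1 = installation, ResultCode 2 = succeeded.
    $wua = $history |
        Where-Object { $_.Operation -eq 1 -and $_.ResultCode -eq 2 -and $_.Title -match $pattern } |
        Sort-Object -Property Date -Descending |
        Select-Object -First 1

    $inQfe = $qfeIds -contains $kb
    $finding = if ($inQfe) {
        'Returned by Win32_QuickFixEngineering'
    } elseif ($wua) {
        'In WUA history but not returned by Win32_QuickFixEngineering'
    } else {
        'Not found in either source'
    }

    [pscustomobject]@{
        KB             = $kb
        InWin32QFE     = $inQfe
        InWuaHistory   = [bool]$wua
        WuaInstallDate = if ($wua) { $wua.Date } else { $null }
        Finding        = $finding
    }
}

$report | Format-Table -AutoSize -Wrap
```

A KB reported as "In WUA history but not returned by Win32_QuickFixEngineering" matches the case described above: the update is installed, but the WMI class that Host Integrity queries does not list it.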