When a detection check is found as detected and the policy set as compliant, on rare occassions the policy will execute remediation regardless.

This is a defect. The issue is caused when the SMP server, while evaluating client policy configurations, sets the remediation to run regardless of what the outcome is.

This fix will be integrated in version 8.5 RU4 (possibly that release will be called 8.6).

A fix for 8.5 RU2 is available. Please follow these instructions to apply:

1. Log onto the Notification Server as the Application Identity account.
2. Download and extract the attached archive to the Notification Server.
3. Run the PFInstaller2.exe file.
4. Choose to Install the fix.

The fix resolves the issue and prevents the server from applying the incorrect execution instructions to the remediation task, forcing it to conform to the results of the compliance check.