Docs
ConnectWise Automate Missing Patches? Why Devices Still Show Missing Updates
Troubleshoot ConnectWise Automate devices that still show missing patches by checking Patch Manager reporting lag, supersedence, reboot state, and endpoint Windows evidence.
Troubleshooting for MSPs and IT admins troubleshooting missing patch visibility in ConnectWise Automate
Free Audit
Run a Free ConnectWise Automate Windows Update Audit
If you want to validate ConnectWise Automate patch risk across devices instead of relying on one patch status view, run the free audit against your Automate environment.
Quick Answer
Direct answer: when ConnectWise Automate still shows missing patches, the most common causes are stale Patch Manager state, superseded approvals, reboot debt, or an endpoint that never returned clean final status.
ConnectWise Automate missing patches is the page to use when Patch Manager still says a device is missing updates even though the endpoint looks patched, rebooted, or clean in another tool.
This is mainly a reporting and state-mismatch problem. The important split is whether Automate is behind the endpoint, the approved patch was superseded, or the device never actually reached a clean final state.
What You'll Get
- Separate stale Automate visibility from real missing updates
- Check policy scope and endpoint proof before changing approvals
Why Patches Show Missing but Are Installed
Automate missing-patch cases often come from reporting mismatch rather than a fresh install failure. The endpoint may already have installed the update, but Patch Manager is still comparing against stale approval state, waiting on reboot and rescan, or holding onto a patch that is no longer the real applicable target.
Supersedence and Approval Drift
ConnectWise Automate operators get tripped up when an approved update becomes superseded before installation. Windows Update may no longer install that patch, but Automate can still treat it as approved and expected, which makes the missing view look worse than endpoint reality.
Patch Manager Freshness Issues
- Check patch-state freshness.
- Check reboot state.
- Check whether the update class is still applicable.
- Check endpoint update history.
- Compare the Automate view with Windows evidence.
Use how to verify Windows patch state, event IDs, and Windows Update logs.
Why the Missing Label Can Be Real or Misleading
- Installed but still missing: reboot or rescan never completed.
- Expected KB no longer appears: the applicable update changed.
- One dashboard tile looks wrong: the summary is stale, not always the endpoint.
How to Prove the Device Is Actually Patched
Use endpoint evidence directly. That is also why patch compliance vs patch status matters here.
What Usually Clears the Missing-Patch State
- Refresh patch state.
- Clear reboot debt.
- Validate the current applicable update.
- Compare the report with endpoint proof before changing approvals.
- If Windows still truly needs the update, move into the install branch.
Where to Go Next
If the patch really failed to install, go to ConnectWise Automate updates not installing. If the patch never appeared in inventory or scan results, go to ConnectWise Automate not detecting patches. If the dashboard is only behind the endpoint, continue to RMM patch report wrong or back to ConnectWise Automate patching not working.