This article explains how LanGuard can detect missing patches for Windows, including Microsoft-developed and third-party patches. This information is helpful for support agents to have a more in-depth and precise understanding of LanGuard's operation when detecting missing patches, and when troubleshooting issues related to this topic.
LanGuard uses one of two engines to check for missing patches. The main engine used is the Windows Update Agent (WUA). This tool is a Microsoft-developed tool used by LanGuard to detect all missing and installed Microsoft patches. First, LanGuard checks if WUA is up to date and update if necessary. If the engine is already up to date, LanGuard then calls the WUA engine and provide a freshly downloaded copy of the offline Scan Package (wsusscn2.cab). LanGuard uses the same functionality as Microsoft’s MBSA, and it should return the same results as long as the database is up to date.
For a list of all Microsoft's patches supported by LanGuard, refer to Supported Microsoft Security Bulletins.
The second engine is the LanGuard Patch Engine. This is our proprietary engine used to scan and detect third-party patches using the Patch Management Database (lanss_12_patchmngmt.mdb) located at
For a list of all non-Microsoft patches supported by LanGuard, refer to Supported 3rd party Windows Application Updates.