If you have both explicit include filters and exclude filters in your patch analysis job, then yes it's true. The patches to be analyzed are the results of the included list minus the exclude list, which is perfectly logic.
To keep in mind: Windows and unix patching work very differently.
On Windows, regardless of the filters provided in the PAJ job, the actual scan that is done on the target by the Shavlik engine checks for everything and returns the whole list of what's installed or missing (results.xml). The application server then filters out those results based on the filters you have added to the PAJ job, if any. In other words, all of the filtering is done by the application server when the analysis results comes back, and not on the target itself.
For Red Hat, it's different because it's using yum under the covers, which means it needs either the list of packages to search for (includes are passed to the yum update command-line) or list of packages to exclude (exclude=... in the yum.conf file in generates). The data is not filtered by the application server in this case, but rather parsed to be displayed as objects instead of plain text results which yum normally produces...
Ok thanks. I don't have direct control over the Patch Catalog itself but our BMC admins do have two smart groups within named
"Approved Microsof Patches - White list" & "Approved Microsof Patches - Black list". They told me to just add an exclude for the Blacklist and go with that. But recently I was getting non-microsoft patches included and couldn't understand why.
I should be fine by adding the white list as an include and the blacklist as an exclude.