I am assuming this is a Windows server. The BSA results are reliable. This is one of the reasons our patch analysis is far better than WSUS. The BSA scan actually checks to see if the vulnerability/issue exists, not if the registry says the patch is installed. If you have not rebooted, then the patch may be installed, but the “problem” DLLs/files are still in use in memory. That means your system is still vulnerable/susceptible.
Thanks for your reply, Adam.
Yes, it's a Windows server. But my main concern is that the Deploy job results in BBSA show 100% success, but the Post analysis result for the target server still shows 17 patches missing.
Will rebooting the server change the Post Analysis results?
Most certainly. Did you have 17 patches that do, or “may”, require a reboot as defined by Microsoft?
If you just want to audit for which patches are installed, then perform a server audit against applications. There you can see what is installed according to the operating system. But again, keep in mind that just because a system has a patch installed, it doesn’t mean that the system is no longer vulnerable.
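
Added example, not part of the original thread and not BSA's own logic: a PowerShell check that reads the standard Windows pending-reboot markers on the target server, which is one way to confirm the situation described above (deploy succeeded, but replaced files have not taken effect yet). The function name `Get-PendingRebootState` and the output field names are assumptions made for this illustration.

```powershell
# Added example: explain a "deploy 100% success, patches still missing" result
# by reading the operating system's own pending-reboot indicators (read-only).
function Get-PendingRebootState {
    # Set by the servicing stack when component updates wait for a restart.
    $cbs = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    # Set by the Windows Update agent when an installed update needs a restart.
    $wu  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    # Holds PendingFileRenameOperations: files to replace or delete at next boot.
    $sm  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

    $raw = (Get-ItemProperty -Path $sm -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations

    # Strip the NT path prefix and keep binaries only: these are the files whose
    # old copies can still be loaded in memory until the server restarts.
    $queued = @($raw | Where-Object { $_ } |
        ForEach-Object { $_ -replace '^[!*]*\\\?\?\\', '' } |
        Where-Object { $_ -match '\.(dll|exe|sys)$' } |
        Sort-Object -Unique)

    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    # InstalledOn has day granularity, so compare against the boot date.
    # Hotfixes listed here are "installed" per the OS but may not be effective.
    $sinceBoot = @(Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $boot.Date } |
        Select-Object -ExpandProperty HotFixID)

    $cbsPending = Test-Path -Path $cbs
    $wuPending  = Test-Path -Path $wu

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        LastBoot              = $boot
        CbsRebootPending      = $cbsPending
        WindowsUpdatePending  = $wuPending
        QueuedBinaries        = $queued
        HotfixesSinceLastBoot = $sinceBoot
        RebootNeeded          = ($cbsPending -or $wuPending -or $queued.Count -gt 0)
    }
}

Get-PendingRebootState | Format-List
```

If `RebootNeeded` is true, restart the server before re-running the post-deploy analysis; a hotfix that appears in `HotfixesSinceLastBoot` is recorded as installed but may still be reported as missing by a scan that inspects the files in use.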