Windows Update Event Monitor Reference Guide

Windows Update Event Monitor

Checks specified servers and alerts if patches and updates from Windows Update have not been installed recently.


This event monitor checks remote machines and alerts if it finds that they have not had patches installed in more than a specified number of days. It provides a great way to be reminded about machines that might be under the control of other users and haven't been updated recently.

Use Cases

  • Detecting unpatched and vulnerable systems

Monitoring Options

This event monitor provides the following options:

Alert with [Info/Warning/Error/Critical] if updates have not been installed in the last [#] days

Use this option to set a threshold and get alerts if systems have not had updates installed for that period.

Alert based on the number of days since definition updates for Windows Defender Antivirus have been installed

This option alerts if the specified amount of days has passed since definition updates for Windows Defender have been installed.

Alert with [Info/Warning/Error/Critical] if updates are available

This option will send a notification if any updates become available.

Ignore definition updates for Windows Defender

Enable this option to filter out any definition updates for Windows Defender from your notifications.

Show all installed updates in all notifications

With this option enabled, all updates that have been installed will appear in the event text.

Show the latest installed updates in all notifications

Notifications will contain only the latest installed updates.

Show the latest cumulative update installed in all notifications

This option will show only the latest cumulative update installed in each run's event text.

Show pending updates in all notifications

Checking this box will include a list of pending updates in each notification generated by the event monitor.

Show the latest installed update in all notifications

Enable this option to include details about the most recently installed update in all notifications and alerts.

Updates to ignore

Enter the names of updates you want the event monitor to ignore in the provided text field.

A configuration change is required in order retrieve Windows updates on systems using their IP address. To connect to systems using their IP address open an administrative command line window on your monitoring server (and remote nodes in a multi-site configuration) and run the following command: winrm set winrm/config/client @{TrustedHosts="*"}

Authentication and Security

The account used for authentication must be a member of the Performance Monitor Users group and the Distributed COM Users group, or have admin rights.


Data Points

This event monitor generates the following data points:

Data Point Description
Most Recent Update The time of the most recent update.

Sample Output


To view the tutorial for this event monitor, click here.

Back to Library


There are no user-contributed comments for this page. Be the first to submit a comment!

Add a comment