Windows Update Approvals cannot be automated because Windows updates are not versioned, so a Windows Update Approval is never Out-of-Date.
Setting a Windows Update Approval to approve updates is sufficient to make the system apply that Windows Update to all applicable hosts.
In essence, all updates in VulnDetect are run within minutes of a scheduled or manual inspection. This is also true for Windows Updates. Only updates that have been rescheduled to run during startup or login are exempt from this logic; that exemption is irrelevant for Windows Updates.
The use of Windows Update approvals within VulnDetect does not prevent Windows Updates from being installed by other means, e.g. the built-in Windows Update Agent in Windows or other tools.
To fully manage Windows Updates with SecTeer VulnDetect, an Active Directory Group Policy can be configured to disable automatic application of Windows updates by the Microsoft Windows Update service.
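To confirm on a host that such a Group Policy has actually taken effect, the following check reads the resulting policy values from the registry. It is an added example, not SecTeer code, and it assumes the policy used is "Configure Automatic Updates", which writes `NoAutoUpdate` and `AUOptions` under the key shown; the function name is hypothetical.

```powershell
# Added example (not SecTeer code). Assumption: the GPO in use is
# "Configure Automatic Updates", which writes NoAutoUpdate/AUOptions here.
function Get-AutoUpdatePolicyState {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    )

    # Meaning of AUOptions when the policy is Enabled (NoAutoUpdate = 0).
    $auOptions = @{
        2 = 'Notify before download and install'
        3 = 'Auto download, notify before install'
        4 = 'Auto download and schedule install'
        5 = 'Local administrator chooses the setting'
    }

    $noAutoUpdate = $null
    $auOption     = $null
    if (Test-Path -Path $Path) {
        $key = Get-Item -Path $Path
        # GetValue returns the supplied default ($null) when a value is
        # absent, so a partly populated key does not throw.
        $noAutoUpdate = $key.GetValue('NoAutoUpdate', $null)
        $auOption     = $key.GetValue('AUOptions', $null)
    }

    if ($null -eq $noAutoUpdate) {
        $state = 'NotConfigured'   # no policy applied; Windows defaults are in force
    } elseif ($noAutoUpdate -eq 1) {
        $state = 'Disabled'        # automatic updating is turned off by policy
    } else {
        $state = 'Enabled'         # automatic updating is governed by AUOptions
    }

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        PolicyState                = $state
        NoAutoUpdate               = $noAutoUpdate
        AUOptions                  = $auOption
        AUOptionsMeaning           = if ($null -ne $auOption) { $auOptions[[int]$auOption] } else { $null }
        AutoUpdateDisabledByPolicy = ($state -eq 'Disabled')
    }
}

Get-AutoUpdatePolicyState
```

A host reporting `NotConfigured` or `Enabled` can still receive updates from the built-in Windows Update Agent regardless of its VulnDetect approval status.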
There is an option to approve ALL future Windows Updates by default by editing a group setting and turning on the “Default Status for new Windows Update Approvals”. Note that this will not apply to existing WU Approvals; you will have to approve them manually.