Why a patch detected by a machine that belongs to only one patch policy shows up under all policies
All patch data in any Kaseya installation comes directly from the patch scan results for all managed machines. When patch scan results are processed, all patch data obtained from the Windows Update Agent (WUA) API is added to or updated in the Kaseya database. If a patch that has been added to the MUC is needed by at least one endpoint that has been scanned since the patch was added to the MUC, you will see the patch listed in Kaseya Patch Management.
A patch policy displays only patches that have been detected across the scanned endpoints. As long as at least 1 machine is reporting a specific patch, that patch is visible in ALL Patch Approval Policies. When a patch is no longer reported by ANY machine, NONE of the Patch Approval Policies display it. This means that a patch detected on only 1 machine is displayed in all patch policies. Assigning a patch policy to the machine does not mean that the patch appears only in that policy; it appears in every patch policy. This is by design. If you have 50 patch policies and only 1 machine that detects a patch, the patch appears in all 50 policies, including policies that are not assigned to that machine.
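The visibility rule above, modelled as an added example (not Kaseya code and not its database schema; the class, the machine and policy names and the KB number are constructed for illustration). It also separates the patches a policy displays into those reported by one of its own member machines and those reported only by machines outside it.

```python
# Added illustration, not Kaseya code. Machine names, policy names and the
# KB number are constructed sample values.
from collections import defaultdict


class PatchCatalog:
    def __init__(self):
        self.scan_results = {}           # machine -> patches from its latest scan
        self.members = defaultdict(set)  # policy -> machines assigned to it

    def assign(self, policy, machine=None):
        members = self.members[policy]   # registers the policy if it is new
        if machine is not None:
            members.add(machine)

    def process_scan(self, machine, patches):
        # A new scan replaces whatever the machine reported before.
        self.scan_results[machine] = set(patches)

    def reporters(self):
        # patch -> machines whose latest scan reports it
        out = defaultdict(set)
        for machine, patches in self.scan_results.items():
            for patch in patches:
                out[patch].add(machine)
        return dict(out)

    def displayed(self, policy):
        # Membership is deliberately ignored: every policy lists every
        # patch that at least one machine reports.
        return set(self.reporters())

    def split(self, policy):
        # Displayed patches reported by a member vs. only by non-members.
        by_member, elsewhere = set(), set()
        for patch, machines in self.reporters().items():
            (by_member if machines & self.members[policy] else elsewhere).add(patch)
        return by_member, elsewhere


def build_example():
    cat = PatchCatalog()
    for i in range(1, 51):               # 50 policies, as in the text above
        cat.assign(f"policy-{i:02d}")
    cat.assign("policy-01", "ws-001")
    cat.process_scan("ws-001", ["KB0000001"])  # the only machine detecting it
    return cat
```

Calling `process_scan("ws-001", [])` on the result of `build_example()` models the machine no longer reporting the patch, after which `displayed()` is empty for every policy.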
Kaseya VSA - v6.3 and above