What determines an 'Internet-based Install Only' patch? Can 'Internet-based Install Only' patches be installed through Kaseya?
1). Microsoft has not provided sufficient detail for us to determine the appropriate product, platform, or other key component of the target machine, i.e.we can't determine if the patch is intended for x86 or x64.
2). Microsoft does not have a single-file download available for the patch. Either it is a .cab or similar file type which Kaseya does not support.
File types such as .cab are not supported by Kaseya because we execute patches via the command line. The .cab file contains several individual files that need to be extracted and then executed. Kaseya currently has no way of determining what the files within that file are what order they need to be executed in.
3). The patch is a new patch and we have not yet completed the processing of new patch data on our end. This is fairly typical after patch Tuesday. It can take a couple of days sometimes for new patches to be processed and for us to be able to get the patch location updated.
Can 'Internet Based Install' patches be installed through Kaseya?
Patches tagged as Internet-based Install Only can be installed by Kaseya (assuming the patch is approved within your VSA for the patch policies you're using). When a patch is tagged this way, Kaseya will leverage the Windows Update Agent to install the patches. This is the same method used if your File Source configuration is set to "Download from Internet" and Kaseya's Automatic Update function is used to install the patches. If you are using this configuration, then all patches will install using the Windows Update Agent (WUA) based on specific requests from Kaseya through the WUA.api.
If you are using a LAN share or the System Server as your patch source, then any patch that is NOT tagged as Internet-based Install Only will be downloaded to the defined file share. That patch will then be distributed to the endpoint for installation. Patches that are targeted to this same endpoint that ARE tagged as Internet-based Install Only will be installed using leveraging WUA through the API.
In short, whether you're using a LAN, the System Server, or Download from Internet, those patches tagged as Internet-based Install Only can be installed, provided the endpoint has sufficient access to the internet. If the endpoint does NOT have sufficient access to the internet, then these patches would not likely be discovered as missing since Patch Scan (which detects missing patches) requires access to the Microsoft websites to determine which patches are missing from and applicable to the endpoint.
VSA 6.3 and above