I believe the All Installed is based on the "ComputerVulnerability" table.
So you would have these joins
Computer on ComputerVulnerability using computer_idn then use the PatchInstallSucceeded = 2 maybe or Detected = 0
Or maybe I was using CVDetected with PatchDetected... :S
If you want more detail about the patch then add in ComputerVulnerability on Patch using vulnerability_idn
Anyway hopefully somewhere in there is what you're chasing.
Important correction / update once you use LANDesk ManagementSuite 9.0 or higher.
The "ComputerVulnerability" table is only populated when you're running "Gather Historical" - and it will show you what *IS* as well as what *IS NOT* detected (and why).
This is *NOT* something we store / keep by default, (i.e. - if you never run "GATHER HISTORICAL" you will not populate this table) as this has proven to be a massive DB-bloat. In an effort to improve performance, we now (as of LANDesk Management Suite 9.0) only keep track of what *HAS* been detected (and why) - meaning we no longer specifically store "what vulnerability has NOT been detected and why) - this frees up significant amounts of space.
The information for "why is vulnerability X NOT being detected" can still be generated (this is what Gather Historical does) should it be needed (many do not however).
In order to pull data of "what is vulnerable", query the "CVDetected" table.
- Paul Hoffmann