All our OS deployment templates have Patch system as the last action under system configuration. They all set to Scan Only. I tried and tried to get a good explanation on what this means and all i keep coming up with is that it ... well ... scans local system for what is missing. But seems like i cant find more fine details - Scans local system against what? Once scan what does it do? Etc... Just missing info to understand what it actually does.
Thanks a lot