GlobalProtect client failing HIP Check even though the Microsoft patch is installed
Created On 08/03/23 04:06 AM - Last Modified 10/25/24 20:52 PM
Symptom
- In the GlobalProtect logs (PanGPA.log), the Microsoft patch is listed in the "missing-patches" section of the HIP report:
<hip-report name="hip-report">
....
<missing-patches>
<entry>
<title>Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.325.782.0)</title>
<description>Install this update to revise the files that are used to detect viruses, spyware, and other potentially
unwanted software. Once you have installed this item, it cannot be removed.</description>
<product>Microsoft Defender Antivirus</product>
<vendor>Microsoft Corporation</vendor>
<info-url/>
<kb-article-id>2267602</kb-article-id>
<security-bulletin-id/>
<severity>2</severity>
<category>definition_update</category>
<is-installed>no</is-installed>
</entry>
Environment
- Palo Alto Firewalls
- Supported PAN-OS
- GlobalProtect App on Windows
- Microsoft Patch updates
Cause
The issue is caused by Microsoft internal APIs, which are used by the OPSWAT component integrated into GlobalProtect.
Resolution
- Contact Microsoft Support for help fixing the issue, OR
- Exempt specific security patches from being reported as missing from the endpoint HIP report to prevent the endpoint from failing the HIP check.
Note: This feature is available starting from GP version 6.2. Refer to Host Information Profile exceptions for Patch Management.
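
Before exempting a patch, it helps to list exactly which KB IDs the client reports as missing. The following is an added example, not Palo Alto Networks code: it pulls the not-installed entries out of the "missing-patches" section of a PanGPA.log, assuming the report is embedded in the log as in the excerpt above (the sample log, its closing tags and the function names are constructed for illustration).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the excerpt above; the leading log line
# and the closing tags are assumptions about the surrounding log text.
SAMPLE_LOG = """\
(constructed log line before the report)
<hip-report name="hip-report">
<missing-patches>
<entry>
<title>Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.325.782.0)</title>
<product>Microsoft Defender Antivirus</product>
<vendor>Microsoft Corporation</vendor>
<info-url/>
<kb-article-id>2267602</kb-article-id>
<severity>2</severity>
<category>definition_update</category>
<is-installed>no</is-installed>
</entry>
</missing-patches>
</hip-report>
"""

FIELDS = ("title", "product", "vendor", "kb-article-id",
          "severity", "category", "is-installed")

def missing_patches(log_text):
    """Return one dict per <entry> under <missing-patches> that is not installed."""
    results = []
    # A log can hold several reports; a truncated one may lack the closing tag.
    pattern = r"<missing-patches>(.*?)(?:</missing-patches>|\Z)"
    for section in re.findall(pattern, log_text, re.S):
        for fragment in re.findall(r"<entry>.*?</entry>", section, re.S):
            try:
                entry = ET.fromstring(fragment)
            except ET.ParseError:
                continue  # skip entries damaged by truncation or rotation
            row = {f: (entry.findtext(f) or "").strip() for f in FIELDS}
            if row["is-installed"].lower() == "no":
                results.append(row)
    return results

def kb_ids(log_text):
    """Sorted, de-duplicated KB article IDs reported as missing."""
    return sorted({r["kb-article-id"] for r in missing_patches(log_text)
                   if r["kb-article-id"]})

if __name__ == "__main__":
    for r in missing_patches(SAMPLE_LOG):
        print(f'KB{r["kb-article-id"]}  {r["category"]}  '
              f'severity={r["severity"]}  {r["title"]}')
```

Entries whose category is definition_update, like the one in the excerpt, change with every signature release, so review the collected KB IDs against what is actually installed on the endpoint before adding an exception.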