When does a Vulnerability Fall off after last detected?

Question asked by Justin Twohy on Dec 19, 2019
Working through our organization's vulnerabilities and patches, and while revisiting missed patches for January's Patch Tuesday, I noticed that Qualys was still reporting last detected vulnerabilities from August or earlier. At our organization, if a device doesn't check in with AD within 3 months of its last check-in, the device is dropped in AD and from the network. Now, when I build my scans and reports, I thought that I had also set up Qualys to drop any device or vulnerability not seen in the last 3 months, but I'm showing these (going as far back as last detected in May). Some are on devices still on the network, but again the last detected date on the vulnerability was over the three-month period. Is there a setting I need to change or what to get a better picture of our environment as it stands today? I'm trying to make it easier on my data center and desktop teams to remedy these missing patches.