Hey, @jensm! It sounds like you may have "Allow Downgrade" selected in your Patch Policy.

The "Allow Downgrade" option dictates whether or not computers with a higher Version of a Software Title than defined in the Patch Policy should be Eligible. Eligible means that it could fall into Scope and receive the Version being deployed by the Patch Policy.

When this option is unselected, a computer that reports a higher Version of a Software Title than the active Patch Policy will not be counted as Eligible and thus not fall into Scope. This means that users with the latest version will not receive update notifications in situations where you don't yet have a package for the latest version.

If this checkbox is selected computers that do not match the Version being deployed by the Patch Policy will become Eligible and potentially fall into Scope.

Hi @brandon.gil ,

indeed, Allow Downgrade was selected. That's the cause.
Thanks for that advise.
I would not have expected this behavior and i think it´s wrong. At least it is confusing.
But I think we do not need the Allow Downgrade function anyway.

Thanks for the feedback, @jensm. I can pass this along to our User Experience and Technical Communications groups.

Sorry to highjack this thread but. We are seeing this with chrome. From one of our users:
Self Service is forcing an "update" of Chrome on my Mac to an older version every day or two. After Self Service reinstalls Chrome at an older version, Chrome auto-updates to the latest version. Then the cycle starts over again with Self Service thinking that Chrome needs an update.

Note: I've updated the version to stop the bleeding.