If a critical vulnerability is covered by a Microsoft fix, and this fix is installed on the client, can the agent read the list of all fixes installed on this client?
No, Host IPS does not detect if a Microsoft hotfix/patch is applied to disable a particular Signature. Please submit a PER for this.
So my question is:
Why was the event triggered even if the security patch was installed? And, if possible, I would like to know a few more details on how the triggering of the signature works.
Depending on the signature, it can still be violated even if the vulnerability is closed. KB70810 is a good example of this. Signature 3776 monitors for a specific ActiveX control being used (the control was used for an older vulnerability). If the vulnerability is closed, the signature will still violate if it finds the ActiveX control being used.
If the MS10-090 patch is applied and Signature 3776 is disabled, will it still trigger the event?
If a Host IPS signature is Disabled, the signature will not trigger.