Server 2016 updating with auto WU "Disabled" in GPE

Hi guys

I have turned off “Automatic Udates” in Group Policy in Server 2016.

When I checked ITarian Patch Managment today it showed thathe below update automatically installed?

Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.341.1155.0) 2267602

I have been testing for a couple of weeks now and it is the first time an update has squezed through.

How can I stop this on the server?

Thx …D

Or can ITarian work if an update is non-approved should it auto-install?

I also want to know. Unfortunately there is no help on the topic. So i think it just invokes the windows update client and the computer gets updated. So if you block that then it does not do anything.
No logs to check as well as to what happens to the patch management job. The only log i have seen is when its able to install the patch then you see the log. But when it scans then there is no log to see what happened to the scan job.