Ecora Patch Manager FAQ

Question:  Why does the patch report list IIS when it's not installed or not running?

Answer:  The system analyzed has the IIS “Common Files” installed from a Windows
Service Pack or Option Pack. This automatically triggers the analysis. While
a system may not have a complete installation or an IIS server instance
running, there can still be serious vulnerabilities associated with the
software. The product always errs in favor of presenting the most secure
analysis possible.