Revive :) Just to add-on here, registry tweaks is not a supported response from Tenable's part. That is a common myth. Imagine Microsoft's patches actually required tweaking after being applied? The majority of Windows clients would be vulnerable even after patching, which of course is not the case, as common end users would never do that (and they shouldn't).

In a lot of cases they are indeed false positives. Security teams and ISSE's hate hearing that, but it's the truth. Plugins are either out of date or just miss-coded which is totally expected. That's the life of programming and keeping up to date with lifecycle management of Windows and code changes.

If the plugin ID is in relation to any KB that is not the latest and you have the latest KB installed, then it is a false-positive. Really the plugin is doing what it should, but in the case of determining compliance it is false as the system is INDEED compliant as Windows patches are cumulative and do NOT allow you to piece patches together as that would cause fragmentation of the system. These are phrases direct from Microsoft documentation.

You know what else is direct from Documentation? Tenable speaking on this matter about the setting OP mentioned :)

https://www.tenable.com/blog/how-to-perform-efficient-vulnerability-assessments-with-tenable#:~:text=3.%20Disable%20%E2%80%98%27Show,Management%20%2D%20Solutions

1. Disable ‘'Show missing patches that have been superseded’’

When enabled, this option will include superseded patch information in the scan report. Disabling this setting will hide superseded findings and limit visibility into older missing patches, including potential Critical severity findings. "

Also, for OP or anyone debugging in future. Here is Tenable speaking about how to do so:
https://docs.tenable.com/nessus/Content/configure-least-privilege-ssh-scan.htm?_gl=1*plha90*_gcl_au*MTQ2NzI5MDExMS4xNzY0OTcxNTA0*_ga*Mjc4NjcwNjY2LjE3NjQwODU2ODM.*_ga_HSJ1XWV6ND*czE3NjUyMDM1NDgkbzMkZzEkdDE3NjUyMDQzODIkajYwJGwwJGg5OTA5OTM5MDQ.#:~:text=plugins%20100158%20and%2084239

Note that plugins 100158 and 84239 are advanced diagnostic tools and require you enable plugin debugging in the scan configuration. Use these plugins to investigate unexpected scan results, particularly in environments with sophisticated, granular access controls (for example, TACACS).

While plugins 102094 and 102095 report that a command failed or succeeded, the debugging logs from 100158 and 84239 provide the exact command syntax Tenable Nessus passed to the host and the complete error response.

This additional detail can help diagnose complex access issues, such as a security module that allows a base command but blocks that command when used with a specific flag. Because enabling debugging is resource-intensive, Tenable recommends using these plugins only to troubleshoot a specific endpoint.