Why Shavlik Protect Patch Scan Results Differ from Windows Update

Version 14



    An explanation of why Shavlik Protect patch scan results may show different patches needed than when running a Windows Update.




    Shavlik Protect uses different detection logic to scan for patches than Windows Update and other patch vendors. A Windows Update scan has the ability to show missing Security Patches, Non-Security Patches, Security Tools, driver updates, and sometimes patches that aren't publicly downloadable.


    Depending on what Scan Template you are using in Protect, the results will vary. The built-in security patch scan will only show missing security patches. The built-in WU scan will show missing security patches and non-security patches. And please note - we don't always include all non-security patches in our XML data right away either, as security patches take precedence.


    You can always create a Custom Scan Template, and check security patches, non-security patches, and security tools for the most robust scan with Protect.


    Shavlik uses a variety of methods to see if a target machine needs a patch.  The process is detailed in the document "Explanation of how patch scanning detection works with Shavlik Protect" which can be found here: http://community.shavlik.com/docs/DOC-2259 .


    Administrators can view files and registry entry criteria by searching for the patch in View > Patches of the Shavlik Protect Console main menu.


    See this online help file for more information on using Patch View:



    There is also a difference in how Protect displays criticality and vendor severity. See this document for further information concerning this:
    Understanding patch severity in a Shavlik Protect patch scan and why it may differ from Windows Update


    Affected Product(s)


    Shavlik Protect 9.x