An explanation of why Shavlik Protect patch scan results may show different patches needed than when running a Windows Update.
Shavlik Protect uses different detection logic to scan for patches than Windows Update and other patch vendors. A Windows Update scan has the ability to show missing Security Patches, Non-Security Patches, Security Tools, driver updates, and sometimes patches that aren't publicly downloadable.
Depending on what Scan Template you are using in Protect, the results will vary. The built-in security patch scan will only show missing security patches. The built-in WU scan will show missing security patches and non-security patches. And please note - we don't always include all non-security patches in our XML data right away either, as security patches take precedence.
You can always create a Custom Scan Template, and check security patches, non-security patches, and security tools for the most robust scan with Protect.
Shavlik uses a variety of methods to see if a target machine needs a patch. The process is detailed in the document "Explanation of how patch scanning detection works with Shavlik Protect" which can be found here: http://community.shavlik.com/docs/DOC-2259 .
Administrators can view files and registry entry criteria by searching for the patch in View > Patches of the Shavlik Protect Console main menu.
See this online help file for more information on using Patch View:
There is also a difference in how Protect displays criticality and vendor severity. See this document for further information concerning this:
Understanding patch severity in a Shavlik Protect patch scan and why it may differ from Windows Update
Shavlik Protect 9.x