Why Shavlik Protect Patch Scan Results Differ from Windows Update

Version 14

    Purpose

     

    An explanation of why Shavlik Protect patch scan results may show different patches needed than when running a Windows Update.

     

    Solution

     

    Shavlik Protect uses different detection logic to scan for patches than Windows Update and other patch vendors. A Windows Update scan has the ability to show missing Security Patches, Non-Security Patches, Security Tools, driver updates, and sometimes patches that aren't publicly downloadable.

     

    Depending on what Scan Template you are using in Protect, the results will vary. The built-in security patch scan will only show missing security patches. The built-in WU scan will show missing security patches and non-security patches. And please note - we don't always include all non-security patches in our XML data right away either, as security patches take precedence.

     

    You can always create a Custom Scan Template, and check security patches, non-security patches, and security tools for the most robust scan with Protect.

     

    Shavlik uses a variety of methods to see if a target machine needs a patch.  The process is detailed in the document "Explanation of how patch scanning detection works with Shavlik Protect" which can be found here: http://community.shavlik.com/docs/DOC-2259 .

     

    Administrators can view files and registry entry criteria by searching for the patch in View > Patches of the Shavlik Protect Console main menu.

     

    See this online help file for more information on using Patch View:

    http://www.shavlik.com/onlinehelp/Protect90HTMLHelp/Viewing_Patch_Details_(Patch_View).htm

     

    There is also a difference in how Protect displays criticality and vendor severity. See this document for further information concerning this:
    Understanding patch severity in a Shavlik Protect patch scan and why it may differ from Windows Update

     

    Affected Product(s)

     

    Shavlik Protect 9.x