Installed (Explicitly Installed)
In order to identify that a patch has been explicitly installed, several criteria must be met.
- The patch must include a registry key that gets written to the machine on which it will be installed.
Some types of patches do not write registry keys to the system on which they're being installed. Since there is no explicit indication that the patch has been applied, it cannot be determined that the patch was specifically installed at any point in time. To ensure that these systems are up to date, run a scan against the system and ensure that there are no patches that appear as 'Patch Missing.'
If Shavlik Protect deploys the patch, however, it will write its own registry key to the remote system. This data is encrypted to prevent tampering. So, even if the patch doesn't normally write a registry key during deployment (SQL Patches, Office patches, etc), Shavlik Protect will write a registry key that is then read by the scanner during the assessment phase. The application can read that all these patches are installed, what account was used to install the application, and when the patch was installed. This information is displayed on the patch details panel as well as a mouse over on 'Patch Found' text in the patch summary pane.
- The registry key must exist on the system being scanned.
All the files in the patch (as defined by the XML file) that were written to the remote system must be equal to or greater than the file versions recorded in the XML file. If any of the file versions on the remote system are below what is expected, the patch is considered not installed even if the registry key is present.
Shavlik Protect can also scan for 'effectively installed patches.' A common case is when you install a single patch that replaces (supersedes) other patches. In this circumstance, the patches that were not installed but that have been replaced by the newer patch are considered effectively installed since you have at least the expected file version or greater for each of the files. For example, suppose you install a new Windows machine and then install a patch that replaces 20 earlier patches. While you've only 'installed' one patch, you've effectively installed 20 other patches.
Note: This information can also be found in the Help files of Shavlik Protect.
More information about the scan detection process in Protect can be found here: http://community.shavlik.com/docs/DOC-2259
Shavlik Protect 9.x
vCenter Protect 8.x