This document is intended to show how to view and understand detection criteria for supported patches within Shavlik Protect.
Viewing the reason that a patch is found missing within a Scan Result
If you want to see the specific detection criteria that Protect used to determine a patch was found missing, you can do so following these steps.
There are two methods of getting to point where you can view the scan result.
1) Within Operations Monitor, when a scan is complete - click on '6.View complete results' to open the scan result.
2) Click the main drop-down menu for Protect (in the upper left corner), then choose 'Results'.
Click on the specific scan result you wish to view.
Either option will bring you to a the scan result screen, such as seen below.
To view the reason a patch was found missing:
1) Open the scan result with the steps above.
2) In the 'Patches' section of the scan result, click and highlight the patch you wish to view.
3) Ensure the 'Patch Information' tab is selected in the bottom section of the scan result.
4) There is a section that will display the reason Protect found the patch as missing.
Generally you will see one of the two following types of reasons:
- "File version is less than expected: PathToFile\file.dll 1.0 < 2.0" indicating the file is found but not at the required version for the patch to be considered installed.
- "File not found PathToFile\file.dll 2.0" indicating Protect detected the product to which the patch applies existing on the system, but a file that needs to be updated was not found on the system.
- "The registry key 'xxx' does not exist. It is required for this patch to be considered installed." indicating Protect found the product to which the patch applies existing on the system, but the registry key indicating this patch is installed does not currently exist on the system as expected.
- "The registry key 'xxx' should have a value of '1.1' It has a value of '1.0'." indicating Protect found the expeccted registry key, but the value of the registry key is not at the required value for the patch to be considered installed.
- If no reason is shown for the missing patch - This indicates that Protect is using what we refer to as a "patch script" to determine if the patch is missing. When using a patch script Protect is unable to provide the reason within the scan results.
Viewing Detection Criteria by Looking Up patches in Patch View
You can also look up individual patches and see the basic detection criteria for a patch using Patch View in Protect.
1) Go to View > Patches.
2) Search for the patch you want to find. In the example below I just searched "Firefox", then scrolled to FireFox 33.1 and expanded the view. You can also type a bulletin ID or KB number into the search box to be more specific.
3) Click and highlight the patch, and then ensure the bottom section is on the 'Patch Information' tab.
4) Within the Patch Information tab you will see the detection criteria listed at the bottom. This may display one or all of the following:
- Registry Key - The registry key required to determine the patch is installed
- Registry Value - The corresponding value of the registry required for the patch to be considered installed. (Not always needed)
- File Name - The name of a file required for the patch to be considered installed.
- Version - The corresponding version number of the file for the patch to be considered installed.
- File Location - The path where Protect is attempting to find the file. Generally listed using a variable path.
It is worth noting that Protect's detection logic is not the same as other patch scanners or even Windows Update. You should not expect the exact same results.
Refer to these documents for more information:
Shavlik Protect, All Versions