Pros and Cons of Agent and Agentless Implementations

Version 4



    The purpose of this article is to go over the pros and cons of Shavlik Protect's agentless and agent features. This may help in deciding what solutions are best for your environment and how to implement these solutions.







    Pros Cons Pros Cons

    Able to patch target machines off-network through Protect cloud

    Protect Cloud Overview - FAQ

    Only able to see results of scans in Protect console through Machine View

    Where to View Protect Agent Scan\Deployments Results

    You can also see results of scans through one of our reports Available Reports

    Scan/Deployment Templates

    Patch Scanning & Deployment Best Practices - Configuring Patch Scan Templates and Filtering Options

    Manual scans show in Operations Monitor

    About the Operations Monitor

    Service Packs must be deployed to target machines one at a time

    Shavlik Protect Agentless Service Pack Deployment Guidelines

    Run a patch task on boot if job is missed (offline, disconnected. Etc.)

    How To: Configure an Agent Policy to Run a Patch Task on Boot if the Schedule Is Missed

    Patch tasks run on policy that must be updated on Protect console

    Agent Policy Walk Through - Patch Tab

    Patch Groups

    Video- How to Create a Patch Group and Scan Template

    Track manual deployments to multiple target machines through Deployment Tracker

    Deciphering Shavlik Protect Deployment Tracker Status Messages

    If target machine encounters an error with a scan or deployment then the job must be rescheduled

    (No run on boot if job is missed)

    Running an Operation

    Less ports are required to be open for agent to work

    Port Requirements for Ivanti Patch for Windows Servers (Formerly Shavlik Protect)

    Agent creates a point of failure (will require troubleshooting for processes to work properly)

    Distribution Servers

    How To: Configure a UNC based Distribution Server

    All results and errors are found in logs and Results View in Protect console

    End users cannot manually kick of scans or deployments

    Agent scans do not use up network resources

    Patch Scanning & Deployment Best Practices - Considerations

    Must look at logs and Agent GUI for errors

    How To: Gather console, patch deployment and agent logs for Ivanti Patch for Windows Servers

    Results roll-up to central console and reports account for all patches (based on successful scans/deployments/check-ins)

    Remote Dialog option available for patch deployments

    Patch Scanning & Deployment Best Practices - Configuring Patch Deployment Templates

    Must meet all prerequisites

    Agentless Patch Scanning Prerequisites

    Remote Registry does not have to be enabled for scans to work

    Protect Patch Scan Fails With: Error 501 - Remote Registry Access Denied

    Not able to use Custom Action feature

    Can You Use Custom Actions With Agents?

    Custom Patches

    How To: Create a Custom Patch

    Able to use Custom Actions feature

    How To: Perform a Custom Action Complete Tutorial with Custom Actions

    Requires network traffic to scan and deploy patches

    When Should I Use Agentless and Agent-based Solutions?

    End users can manually enable patch tasks

    Initiating a Task with an Off-Network Protect Cloud Agent

    Asset & Power scans are available

    Protect Console can push patches to machines

    Console Push vs Distribution Server

    Target machines cannot download patches from vendor over Internet

    (Must come from console push or distribution server; console downloads from vendor website)

    Console Push or Distribution Server

    Ability to deploy Service Packs automatically (and limit the number of deployments per day)

    How To: Automated Service Pack Deployment with Agents

    More control over patches deployed and processes for patch deployment

    (Agent Policy deploys any patches shown as Missing from scan if there is a "Deploy Patches" task)

    Patch Scanning And Deployment Best Practices Guide (Agentless)

    Allows patches to download from vendor over internet

    Agent Policy Walk Through - General Settings Tab

    No installer is needed on target machines

    Patch Scanning & Deployment Best Practices - Successfully Running Agentless Patch Scans & Deployments


    Additional Information


    A target machine can have an Agent installed on it and can be scanned agentlessly as well.



    Please see the following articles for more information:








    Affected Product(s)


    Shavlk Protect 9.X