Purpose

This document outlines how to run a DPDTrace. This may be necessary when troubleshooting detection issues.

Steps

DPD stands for Dynamic Product Detection.  It’s the method our scan engine uses to determine what supported products are installed on the machine. This tool was created for troubleshooting patch scan issues where we need to know what is going on during the DPD process.

.Net Framework v4.0.30319 or newer needs to be installed for this to work

1. Download DPDTrace.zip and extract the file into a folder on the root of C:\
2. Read Disclaimer.txt.
3. Open a Command Prompt and change directory to C:\DPDTrace

4. Enter the following command, replacing {MACHINE_NAME} {ADMIN_USER_NAME} {PASSWORD} and {PATCHTYPE} with corresponding values. ({MACHINE_NAME} has to be the Target machine that is having the detection problem

          DPDTrace.bat {MACHINE_NAME} {ADMIN_USER_NAME} {PASSWORD} {PATCHTYPE}

5.      When the command line is run, a window titled 'Rename HF.1 Log' will appear with an OK button. Do not close this window as the scan continues.

6.    When the scan has completed the command prompt window will say 'Test Complete  Please zip up HFCLi folder and send it back to us'. Please verify that an XML document has been created in the HFCLI folder. If it has, please zip up the directory "C:\DPDTrace\HFCLI" and send it back for analysis.

Additional Information

Please include the following registry exports from the target machine.  This will not only save time, it will also greatly increase our chances of determining the root cause of the detection issue and correcting it.

• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432\Microsoft\Windows\CurrentVersion\Uninstall
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products

Affected Products

All

Purpose

This document will provide information about how to obtain information about Shavlik's XML updates (patch definitions).

Description

Generally the Shavlik content team will provide patch definition updates every Tuesday and Thursday. However, there are three easy sources that can be used to see when new XML updates (patch definitions) are released.

1) XML Announcements Sign up: http://www.shavlik.com/support/xmlsubscribe/

You can sign up to receive Shavlik Protect content (patch definition) email notifications here.

2) Patch Data Information Blog Page: http://protect7.shavlik.com/

This web page displays all patch definitions released by the Shavlik content team for the Protect application.

3) Patch Data Information RSS Feed: http://protect7.shavlik.com/feed/

All the same information as protect7.shavlik.com in an RSS feed.

4) Patch Data Information Twitter: https://twitter.com/ShavlikXML

This Twitter account is updated every time an XML release is put out. This is a good alternative to recieving email notifications, depending upon your preferences.

Affected Product(s)

Shavlik Protect 9.x

Shavlik Protect SDK

Purpose

Our Development team is always excited to hear what new ideas you have for our product!  Each and every idea is reviewed and given serious thought on if and how your idea could be implemented. Here is how you can let us know!

Steps

There are 2 ways of submitting a feature request. The first is through Protect. This can be done by going to Help-> Submit a Feature Request.

The Second is by going directly to this link. Here you can give your ideas.

https://www.accompa.com/featureidea.html?fname=shavlik

Affected Product(s)

All

Symptoms

Protect is detecting a Patch that should not be detected as missing.

Resolution

Before performing the following, please update to the latest XML data by going to Help > Refresh Files and them perform another scan against the machine(s). This issue might be fixed in a later XML release than you are currently using.

From The Protect Console:

1. Click on Results tab.

2. Choose the most recent scancontaining the specific patch.

3. Click on the machine containing the specific patch.

4. Click on the specific patch.

5. View why Protect detects the patch as missing.

6. Click on the linked Qnumber to be taking to documentation regarding this patch. Most of the time this will include the detection logic.

7. Browse to the location referenced in step 5 to verify the information found in step 5 and 6.

See below for more information.

Also note the Downloaded File name.

On the Target:

Browse to C:Windows\ProPatches\Patches and find the specific patch. If you have previously deployed this patch and it failed, manually try to run the patch.

Take any screenshots of any errors such as the one below.

Information to Send to Support

If you experience these errors, please create a support case at support.shavlik.com or by calling into support. If you choose to call into support, please gather this information before calling in.

Gather the following information:

Before doing the following, please download the latest XML data by going to Help-Refresh Files.

• The Bulletin ID & Qnumber of the patch in question. This information can be found in Step 4 above.

• Clear your logs, and do a rescan and/or deployment.then gather the log. Please do this by following this guide for console logs:community.shavlik.com/docs/DOC-22921

• A DPD Trace gives more information on how Protect detects certain patches.

      Please gather a DPD trace on the target machine by following this guide:DPDTrace Logging Tool Used For Patch Detection Issues

• Screenshots from Step 5 from the console, Step 7 from the target and if applicable, the error when the patch is manually installed.

• (optional, but helpful) An Export of the following registry keys from the target system:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432\Microsoft\Windows\CurrentVersion\Uninstall.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products

Affected Product(s)

Shavlik Protect 9.x

Setting up a custom deploy for just for this version but I am not seeing the latest version in the patch template. How do I get that imported into Shavlik?

Purpose

This document outlines how to use Custom Actions to uninstall applications from a target machine.

Note: Uninstalling programs is done at users own risk. The following method utilizes the built in uninstaller of the program. Shavlik has no control or information on what will be removed when a program is uninstalled in this manner.

Locate Uninstall Command

WARNING: When dealing with the registry it is always good practice to make a backup of the registry first.

http://windows.microsoft.com/en-us/windows-vista/back-up-the-registry

Note: This document will use 7-Zip as an example.

When an application is installed it will typically create a registry key under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
-or-
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Locate the program's entry within this hive.

Example: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-0920-000001000000}

The registry key entry should contain a value called: UninstallString

Right click this value, and choose Modify. In the Edit String box that appears, copy the Value Data:

The UninstallString can be run in a command prompt window to uninstall a program. Because of this we can similarly pass the string as a Custom Action through Protect.

Custom Action

This custom action uses the MsiExec.exe to delete a file. Because Custom Actions are run as the Local System account, they must be run in a silent/unattended/quiet mode as no prompts will show up on a target machine for a user.

1. Create a NewDeployment Template;enter a Name for theTemplate, andSaveit.
   1. Alternatively - open an existingDeployment Templateyou wish to modify.
2. Click theCustomActionstab.
3. Click theNewoption.

4. In the Custom Actions window, leave Step 1 as 'All deployments using this template', Step 2 will remain disabled, Step 3 set to 'Before any patches', and Step 4 enter the UninstallString copied earlier.

Note: Make sure to include a silent switch in the string, or while uninstalling, it will hang because of an unacknowledged prompt.
Note: Multiple commands can be placed into a batch file. If using this method, 'push' the batch file first in the custom action, then run the batch file.

Example:MsiExec.exe  /quiet /norestart {23170F69-40C1-2702-0920-000001000000}

This will uninstall 7-Zip from the target machine with no user interaction (/quiet) and with no reboot after (/norestart).

5. Deploy the null patch (or use with any other patch deployment) and before the patches are installed the command to delete the specific file will execute.

MsiExec.exe Info

Here is additional information and parameters that can be used when calling MsiExec.exe:

These are found by opening Command Prompt and entering: MsiExec.exe /?

msiexec /Option <Required Parameter> [Optional Parameter]

Install Options
    </package | /i> <Product.msi>
        Installs or configures a product
    /a <Product.msi>
        Administrative install - Installs a product on the network
    /j<u|m> <Product.msi> [/t <Transform List>] [/g <Language ID>]
        Advertises a product - m to all users, u to current user
    </uninstall | /x> <Product.msi | ProductCode>
        Uninstalls the product
Display Options
    /quiet
        Quiet mode, no user interaction
    /passive
        Unattended mode - progress bar only
    /q[n|b|r|f]
        Sets user interface level
        n - No UI
        b - Basic UI
        r - Reduced UI
        f - Full UI (default)
    /help
        Help information
Restart Options
    /norestart
        Do not restart after the installation is complete
    /promptrestart
        Prompts the user for restart if necessary
    /forcerestart
        Always restart the computer after installation
Logging Options
    /l[i|w|e|a|r|u|c|m|o|p|v|x|+|!|*] <LogFile>
        i - Status messages
        w - Nonfatal warnings
        e - All error messages
        a - Start up of actions
        r - Action-specific records
        u - User requests
        c - Initial UI parameters
        m - Out-of-memory or fatal exit information
        o - Out-of-disk-space messages
        p - Terminal properties
        v - Verbose output
        x - Extra debugging information
        + - Append to existing log file
        ! - Flush each line to the log
        * - Log all information, except for v and x options
    /log <LogFile>
        Equivalent of /l* <LogFile>
Update Options
    /update <Update1.msp>[;Update2.msp]
        Applies update(s)
    /uninstall <PatchCodeGuid>[;Update2.msp] /package <Product.msi | ProductCode>
        Remove update(s) for a product
Repair Options
    /f[p|e|c|m|s|o|d|a|u|v] <Product.msi | ProductCode>
        Repairs a product
        p - only if file is missing
        o - if file is missing or an older version is installed (default)
        e - if file is missing or an equal or older version is installed
        d - if file is missing or a different version is installed
        c - if file is missing or checksum does not match the calculated value
        a - forces all files to be reinstalled
        u - all required user-specific registry entries (default)
        m - all required computer-specific registry entries (default)
        s - all existing shortcuts (default)
        v - runs from source and recaches local package
Setting Public Properties
    [PROPERTY=PropertyValue]

Consult the Windows ® Installer SDK for additional documentation on the
command line syntax.

Copyright © Microsoft Corporation. All rights reserved.
Portions of this software are based in part on the work of the Independent JPEG Group.

Affected Product(s)

Protect Versions: All

Purpose

This document describes how to use database views within SQL Server database queries to generate custom reports for Shavlik Protect.

When you install Shavlik Protect it creates a number of defined views in the Protect SQL Server database. You can reference these views within custom queries that you write to extract exactly the information you want. By executing the custom queries and exporting the results to the format of your choice you effectively create your own customized reports for Shavlik Protect.

The benefits of writing your own database queries are:

     • You can mine the Protect database for the exact information you want.

     You can go beyond the predefined reports provided within Shavlik Protect. While the predefined reports are sufficient for many organizations, you may have the need to      produce one or more custom reports that provide more specific information about the status of your machines.

     • You can export the query results and present the information in the format of your choosing.

     You can, of course, opt to write custom queries without using the Protect views. When you add the use of Protect views to your custom queries, however, you gain a number           of other benefits:

     • The view schemas will not change in future versions of Shavlik Protect.

Future versions of Shavlik Protect may modify the tables in the database. By referencing Protect views in your queries rather than the tables, you will be guaranteed that your custom queries will not break when upgrading to future versions.

     • The queries are not as complex and are easier to write.

     The views do some of the work for you. Your custom queries will not need to reference as many Protect database tables. The views join multiple tables to gather relevant           information and they pull different columns from multiple tables.

     • Shavlik will continue to build out the Protect views in future versions, providing greater capabilities.

     • Custom queries can be shared by trusted members of the Shavlik community.

The process for creating a custom report is as follows:

1. Familiarize yourself with the SQL Server database views that are provided with Shavlik Protect.

2. Write a database query that references the Shavlik Protect views and that generates the information you want.

3. Export the query results into the user-friendly format of your choosing.

Affected Products

Protect Version 9.1 and later

We have an Automated server build process and I have been manually adding patches to the build each month.  We use Shavlik and I was wondering if there is a way and what it might be, to initiate a scan and patch, from the build?  Would I need to load an agent in the build, or is there a way to connect to the shavlik console via command line / Powershell?

Curious as to how this works. When I run a scan it will show you things that need to be updated. For example Java and Adobe (latest being 16 for adobe and 8 for java) but instead of taking it up to the latest version it just patches it. Why not upgrade it to the latest? And my second question is how can I just update my systems to the latest? I dont want to just patch Id rather some systems ran the latest versions

I've recently started adding new remote domains to our shavlik console. Each remote domain gets it's own machine group.

Intially I just added the domain to the machine group and deployed the agent and walked away. After doing this a handful of remote sites I noticed that in the machine view the new devices weren't listed under the machine group, but found out if you do a scan of that machine group once they'll appear there.

This scan of the remote machines seems to be designed terribly as it's sending back all dll's and such for comparison. Because of this it's consuming a TON of bandwidth which I don't think is necessary.

Is there a way to get machines to appear under a machine group without scanning that machine group?

Why would a scan need to transfer all these files back to the console instead of just doing a compare at the machine itself?

Is there a way to do a smaller scan that won't need to transfer as much data?

Issue

Agents fails to take snapshots during the patch deployments process.

Cause

Shavlik Protect agents are unable to take snapshots.  In order to take snapshots, the machine must be scanned as a Hosted Virtual Machine which cannot be done through agents.

Resolution

You will need to add the VM as a Hosted Virtual Machine in to a Machine Group and then scan and deploy from the Console.

Addition Information

Virtual Machine Template Patching Requirements & Informational Document

Affected Product

Protect all versions

Purpose

Shavlik Protect, by default, obtains essential data files- definitions, patch files, etc. over an internet connection from an online source. In some environments an authenticated proxy configuration may require users to use a username and password to obtain access to the internet. This document describes how to configure Shavlik Protect to work properly over an authenticated proxy.

Description

Shavlik Protect Proxy Options

To access the menu in Protect where the Proxy Settings can be defined, go to Tools > Options > Proxy.

The Proxy Options menu allows you to modify the proxy settings used by Shavlik Protect when accessing the Internet using your Web browser. In general, Shavlik Protect checks the proxy settings in Internet Explorer and conducts an Internet connectivity test to determine whether or not proxy server settings are necessary. If Shavlik Protect is unable to access the Internet using these settings, or if you are required to enter a user name and password each time you launch your browser and browse the Internet, you will need to configure the proxy options in this menu.

Determining Whether Proxy Settings are Needed

The Do I need proxy info button is provided as a means of testing whether your system requires proxy configuration. To see if Shavlik Protect can use your current Internet Explorer proxy settings to access the Internet and perform other operations, click this button. If the test is successful then nothing further is required. If the test fails it typically means you utilize authorization and you need to modify your proxy settings by specifying console and service credentials.

Enabling Authenticated Proxy in Protect/Specifying Credentials

To enable the proxy settings simply click the Use Proxy check box. If enabled, indicates that you will supply proxy credentials and allows you to specify user name and password information. If you clear the check box after specifying credentials, the credentials will be saved but not used.

There is a place to enter both proxy credentials for the console to use as well as the services associated with Shavlik.

In the console credentials drop down box select the credential (the user name and password pair) you use when accessing the Internet with your Web browser. It may be necessary to specify a domain as part of your user name (for example: mydomain\my.name). There may be multiple credentials available here for selection, one for each of your Shavlik Protect administrators.

For the service credentials, select the credential (the user name and password pair) used by the program service when accessing the Internet. The same service credential can be used by different administrators.

Note: Only shared credentials are contained in this list. If the credential you are looking for is not listed it probably means it is not defined as a shared credential. See Defining Credentials for information on how to share a credential.

To test that the console can connect over the proxy after specifying these credentials, simply click the Test button to the right of the console credentials.

Additional Information

Shavlik Protect firewall and proxy exceptions URL list

Shavlik Protect Inbound and Outbound Port Requirements Explanations

Affected Product(s)

Shavlik Protect 9.x

Purpose

This article provides agent-less patch scanning prerequisites for Shavlik Protect.

Description

Scanning Prerequisites

The following criteria must be met to ensure a successful patch scan:

• You must be an administrator on the targeted machine.
• Credentials must be provided for the targeted machine.
• The console machine must be capable of obtaining the patch database XML file, either from a location on the Internet (via http or https) or from another specified location (either on the local machine or from a specified network location).
• You must have local administrative rights on the remote machine and be able to logon to this machine from the workstation performing the scan.
• The credentials you supply must have access to the control panel on the target machine. If control panel access is disabled through group policy, Protect will be unable to connect to the target machine.
• File and Print Sharing must be enabled.
• The NetBIOS (tcp139) or Direct Host (tcp445) ports must be accessible on the remote machine.
• The remote machine must be running the Server service.

  Note: The Workstation service is not required to be started on the remote machine.

• The remote machine must be running the Remote Registry service.

Note: The remote registry service is disabled by default on Windows Vista & 7 machines. You must enable the remote registry service (either manually or via group policy) before performing remote scans of Windows Vista/7 machines.

• The %systemroot% share (usually C$ or similar) must be accessible on the remote machine.
• For machines using Windows operating systems that employ the use of User Account Control (this includes Windows Vista or later and Windows Server 2008 or later), you must either:
  • Join the machines to a domain and then perform the scan using domain administrator credentials, or
  • If you are not using the built-in Administrator account on the remote machines (and using that account is NOT recommended), you must disable User Account Control (UAC) remote restrictions on the machines. To do this:
    1. Click Start, click Run, type regedit, and then press Enter.
    2. Locate and then click the following registry subkey:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:

a. On the Edit menu, point to New, and then click DWORD Value.b. Type LocalAccountTokenFilterPolicy and then press Enter.

4. Right-click LocalAccountTokenFilterPolicy and then click OK.
5. In the Value data box, type 1, and then click OK.
6. Exit Registry Editor.

For more details on disabling UAC remote restrictions, see http://support.microsoft.com/kb/951016

Special note regarding Simple File Sharing

When Simple File Sharing is enabled, remote administration and remote registry editing does not work as expected from a remote computer and connections to administrative shares (such as C$) do not work because all remote users authenticate as Guest. Guest accounts do not have administrative privileges.

On Windows XP Professional or later operating systems, go to the following Microsoft Knowledge Base article to learn more about this feature and how to disable Simple File Sharing:

http://support.microsoft.com/default.aspx?scid=kb;en-us;304040

If you are running Windows XP Home Edition, Simple File Sharing cannot be disabled (Microsoft states that it is as designed) so remote scanning will not work on this operating system.

Additional Information

• This information can be found within the Protect Help:
  • Help > Contents > Agentless Patch Management Tasks > Performing Patch Scans > Scanning Prerequisites
• If you receive a scan error message, refer to the following document for assistance troubleshooting: http://community.shavlik.com/docs/DOC-2159

Affected Product(s)

Shavlik Protect 9.x

Purpose

This document provides information about the status of support for Adobe Illustrator 16.0.5 in Shavlik Protect.

Description

Adobe Illustrator 16.0.5 cannot be supported in Shavlik Protect.

The reason for this is because there is not actually an installer for this update, and Protect's deployment process currently requires the use of an installer package.

The update entails manual replacement of a file.

Please refer to this page:

http://helpx.adobe.com/security/products/illustrator/apsb14-11/_jcr_content/main-pars/download/file.res/Install%20Instructions%20for%20Illustrator%20CS6%20Hotfix.pdf

You can see the procedure to get this 'update' in place is to manually copy the file into directory. There's no actual update installer to run inside the zip.

Affected Product(s)

Shavlik Protect 9.x

This is happening on all of our systems that run the Shavlik Agent.

Read more here: Vipre creating thousands of SBS_STDRL temp files :: KW Support & Consulting LLC

Symptoms

When attempting to activate a new Shavlik Protect console, or reactivate an existing one, an error message appears in the bottom left hand corner of the Shavlik Protect Activation window, " No activations available".

Such an error indicates that the console will be unable to activate successfully.

Cause

This issue results from the number of console activations associated with the license key having been exceeded.

By default, the license includes a certain number of activations and this error indicates that this allotment has been exceeded. Unless this count is increased the console will not be able to be activated.

Resolution

To resolve the issue, administrators will need to contact support to discuss increasing the number of console activations. Please have your activation key copied and ready to email/provide to the support representative.

Contact information for support:

http://www.shavlik.com/support/contact/

Additional Information

How to: Managing License seat usage with Shavlik Protect

How to activate or renew Shavlik Protect console - Licensing

Contact Information For License Renewals\Sales

Affected Product(s)

Shavlik Protect 9.x

Case:

very secure environment. (no internet connection, PCI etc)

My plan was to take servers offline, scan and deploy, then take it online again.

For full automatic process I guess I need scripting taking servers offline and online again after deployment...?

Then I can use the main console to do the patching,  Anyone done this before. (Scripting maybe to take servers offline and online????)

// E Rahd

Purpose

This document shows how to enable the "Remove Temp files" feature to set up automatic removal (cleanup) of patch installer files after deployment with Shavlik Protect.

Description

If you want to have the patch or update installer files removed from systems after installation has completed, you can do so using this feature built into Protect.

This will perform a removal of all files in C:\Windows\Propatches\Patches at the end of patch deployment.

To set this up:

1) You will need to go to New > Deployment Template to create a custom template.

2) On the General tab, under Deployment Actions > After, place a check next to 'Remove Temp files'.

3) This is the only required change to the template. You can modify other settings as needed. Save when done.

4) When you are in the "Run Operation" or "Deployment Configuration" screens, choose to use this deployment template whenever you want patch files to be removed from systems right after the installation of patches completes.

Additional Information

Protect Help - Creating a Deployment Template

Training Video: Scan & Deploy Patches

Affected Product(s)

Shavlik Protect 9.x

Purpose

This document covers how to manually synchronize a Distribution Server. This process is useful in the event you wish to initiate a synchronizationwithout waiting for previously scheduled tasks to complete or altering an existing schedule. The manual synchronization will run as a background task and will not affect the ability to continue using the console.

Description

1. If you are manually synchronizing the scan engines and XML data files, make sure you have the latest files on the console by selectingHelp > Refresh Files. This will download the latest files from the location specified on theTools > Operations > Downloadspage within Protect. The default locations for these data files are shown below:

      Protect 9:

• On Windows Vista and other newer operating systems:C:\ProgramData\LANDesk\Shavlik Protect\Console\DataFiles
• On earlier Windows operating systems like Windows XP:C:\Documents and Settings\All Users\Application Data\LANDesk\Shavlik Protect\Console\DataFiles

2. If you are manually synchronizing patches, make sure the console's patch download directory contains all the patches you want on your distribution server(s). The patches are contained in the default patches directory:

      Protect 9:

• On Windows Vista and other newer operating systems:C:\ProgramData\LANDesk\Shavlik Protect\Console\Patches
• On earlier Windows operating systems like Windows XP:C:\Documents and Settings\All Users\Application Data\LANDesk\Shavlik Protect\Console\Patches

3.  Within the Protect Console click onTools > Operations > Distribution Servers.

4.  In theScheduled automatic synchronizationpane, select one or more scheduled synchronization entries.

      Note: To synchronize all data, all three synchronization tasks must be selcted.

5.  ClickRun now.

This will immediately copy all appropriate files from the console to the specified distribution server(s). The process will run in the background of Protect. You may check the status by viewing the event history atView > Event History.

Affected Product(s)

Shavlik Protect 9.x

Purpose

This document is meant to help administrators identify information about scheduled patch scans in Shavlik. In Shavlik Protect, jobs that have been scheduled or are recurring can be found in the Scheduled Task Manager (To open, go to View > Scheduled Tasks). The scheduled jobs in this screen do not contain a lot of readily accessible information. Some administrators may wish to identify what scan template the scheduled job uses, to know whether the job is set to deploy, etc. thus knowing how to read this information can be quite helpful.

Description

The information in the scheduled jobs references information contained within the Protect database. Following these instructions will help administrators identify the scan template used by the scheduled jobs.

Instructions:

1) In Protect go to Manage > Scheduled Tasks to open the Scheduled Task Manager.

2) Right click on your protect console system, then choose "Refresh Selected".

All scheduled scans are set up on the Protect console system. Scheduled deployments can be found under the target machines.

3) In the jobs tab on the right you should see any jobs that are still waiting to run in the list. Locate the scheduled scan that you wish to find out more information about on the right pane, and click on it to bring up more information about the scheduled job.

*Note: Scheduled jobs that were previously run will be listed under the "Log" tab.

4) Locate the patchscan ID parameter.

This is listed next to "Parameters" in the scheduled job information. In the example here, the patchscan ID is 3019. You will need this information for the next step. The image below illustrates where to look for this:

5) Download the attached SQL queries.

6) You will need to first modify obtainSchdScanInfo_1.sql. You can do this within any text editor or by opening the sql script in SQL management studio. Change the following line within the sql script so that it contains your patch scan ID from step 4.

Example:

WHERE ScanID = 3019

This will ensure that the query selects the information for your scheduled scan.

**Note**: You may also need to change the line "FROM [Protect].[dbo].[Scans]" to: 'FROM [yourDatabaseName].[dbo].[Scans]' where yourDatabaseName is the name you have given the Protect database.

7) Run the query obtainSchdScanInfo_1.sql against your Protect database using SQL Server Management Studio.

After you run obtainSchdScanInfo_1.sql against your database you should receive a result containing information about the scheduled scan. The main piece of information you will need to find out what scan template is being used is the value of the column 'ScanTemplateID'. The value of this column will be needed to continue to the next step.

**Note**: If you are trying to look for this information on a scheduled asset scan you will need to use the value of the 'AssetScanTemplateID' column.

8. You will need to modify obtainSchdScanInfo_2.sql. You can do this within any text editor or by opening the sql script in SQL management studio. Change the following line within the sql script so that it contains your ScanTemplateID from step 7.

WHERE scantID = x

x = ScanTemplateID obtained from step 7

**Note**: You may also need to change the line "FROM [Protect].[dbo].[Scans]" to: 'FROM [yourDatabaseName].[dbo].[Scans]' where yourDatabaseName is the name you have given the Protect database.

9. Run the query obtainSchdScanInfo_2.sql against your Protect database using SQL Server Management Studio.

After you run obtainSchdScanInfo_2.sql against your database it will return information about the scan template that you are current set to use for the scheduled job including the name of the scan template being used

Additional Information

Download links for Microsoft SQL Management Studio Express editions

Affected Product(s)

Shavlik Protect 9.x