Purpose
An explanation of why Shavlik Protect patch scan results may show different patches needed than when running a Windows Update.
Solution
Shavlik Protect uses different detection logic to scan for patches than Windows Update and other patch vendors.A Windows Update scan has the ability to show missing Security Patches, Non-Security Patches, Security Tools, driver updates, and sometimes patches that aren't publicly downloadable.
Depending on what Scan Template you are using in Protect, the results will vary. The built-in security patch scan will only show missing security patches. The built-in WU scan will show missing security patches and non-security patches. And please note - we don't always include all non-security patches in our XML data right away either, as security patches take precedence.
You can always create a Custom Scan Template, and check security patches, non-security patches, and security tools for the most robust scan with Protect.
Shavlik uses a variety of methods to see if a target machine needs a patch. The process is detailed in the document "Explanation of how patch scanning detection works with Shavlik Protect" which can be found here:http://community.shavlik.com/docs/DOC-2259.
Administrators can view files and registry entry criteria by searching for the patch in View > Patchesof the Shavlik Protect Console main menu.
See this online help file for more information on using Patch View:
http://www.shavlik.com/onlinehelp/Protect90HTMLHelp/Viewing_Patch_Details_(Patch_View).htm
There is also a difference in how Protect displays criticality and vendor severity. See this document for further information concerning this:
Understanding patch severity in a Shavlik Protect patch scan and why it may differ from Windows Update
Affected Product(s)
Shavlik Protect 9.x