Creating or Editing a Patch Scan Template

Do one of the following:

This will display the Patch Scan Template dialog box as shown below.

Tip:  To speed the template creation process, copy an existing template that is similar to the one you want to create. The contents of the copied template will be populated in the new Patch Scan Template dialog and you can simply modify the appropriate items. You copy an existing template by selecting it in the Patch Scan Templates pane and then, in the summary section of the template in the right-hand pane, clicking Copy.

The Patch Scanning Template dialog contains several tabs that collectively define the characteristics of a particular scan template.



The name that you wish to assign to this scan template.


A description of the template.

Filtering tab

There are four different filters available on this tab.

Note: Be careful when using the Skip Selected filter option. If you skip a patch that replaces another patch, the program will now scan for the replaced patch. This is done on purpose to avoid any unintentional vulnerabilities. If the intended consequence of skipping a patch is to not automatically deploy it or the related patches, then all the patches in the chain of replaced patches must also be skipped.

  • Product filter: Scan for or skip patches for the selected products. If you do not wish to use this particular filter, specify Scan All.

  • Patch filter settings: Either scan for or skip the patches listed in the specified text file and/or patch groups. If you do not wish to use this particular filter, specify Scan All.

  • File: Specify a text file that contains the list of patches you want to scan for or skip. The text file must contain just the QNumbers associated with each patch, one entry per line. For an example text file, see Implementing an Unattended Console Configuration.

  • Patch group(s): Specify one or more patch groups that contain the patches you want to scan for or skip.

  • Patch type filter settings: Specify the types of patches you will scan for or skip.  The options are:

  • Custom Actions: Enables you to perform custom actions even if you are already fully patched. It does this by scanning for a specific QNumber and patch (QSK2745, MSST-001) that will never be found. The process uses the temporary file Nullpatch.exe.

  • Non-security Patches: Vendor patches that fix known software problems that are not security issues.

  • Security Patches: Security bulletin related patches

  • Security Tools: Updates for security tools such as Windows Defender and Windows Malicious Software Removal Tool. Also includes certificate updates and hotfixes for known security risks that are not yet fully supported by a security bulletin.

  • Criticality filter settings: What user-assigned criticality level -- Ignore, Low, Medium, High, Critical -- should the scanner either skip or include (at or below the specified level).  If you do not wish to use this particular filter, specify Scan All.

Note: If you use multiple filters, the order of precedence is as follows:

Product filter: This filter takes precedence over all other filters. If you elect to scan or skip one or more specific products, those products will be scanned or skipped regardless of how the other filters are configured.

2) Skip Selected:
Any patches that are specified as Skip Selected on any of the three remaining filters (Patch filter, Patch Type filter, and/or Criticality filter) will be excluded from the scan. (But see the note above about replaced patches.)

3) Scan Selected:
If any patches are specified as Scan Selected on any of the three remaining filters (Patch filter, Patch Type filter, and/or Criticality filter), then only those patches will be included in the scan.

General tab

  • Scan For: During the scanning process, you can choose to scan for just missing patches or for both missing and installed patches.  When scanning for both missing and installed patches, you can include effectively installed patches in the results.  These are patches that replace other patches.  See Effectively Installed Patches and Determining Patch Replacements for more information.

Note: The following options apply only to the console, not to agents that may also be using this template.

  • Simultaneous machines scanned: Specify if you want to simultaneously scan a few machines or many machines. Shavlik Protect can scan up to 256 machines at a time. The more machines you scan at the same time the more network resources that are required. Reduce this number if you are scanning over a slow link.

Software Distribution tab

This tab enables you to specify if you want to scan for free third-party products that can be deployed by Shavlik Protect . Use the vertical scroll bar to view the complete list of third-party products supported by Shavlik Protect .

The products that will be displayed are those that are available for the operating system being used on the scanned machine. If you want to include or skip reporting on a particular product, create a patch group that contains the desired product and then reference the patch group in the Patch filter settings area of the Filtering tab.

E-Mail tab

Note: This tab applies only to agentless scans initiated from the console; it does not apply to agents that may also be using this template.

This tab enables you to specify which reports should be automatically sent and to whom the reports should get sent. The specified reports will be sent when a scan using this template is completed.

There are many different reports that can get sent. To understand what a particular report contains, click on the report in the list and view its description immediately below the list.

To specify which reports should be automatically sent and to whom they should be sent:

Note:  New templates must be saved before you can perform these steps.

  1. Select a report in the Reports list.

  2. In the Report Recipients list, select the groups and/or individuals you want to e-mail the report to.

  3. Repeat Step 1 and Step 2 for each report you want to be automatically sent.

  4. When finished, click Save.


Used by tab

This tab shows you the Favorites and agent policies that are currently using this scan template. This is important to know if you are considering modifying the template, as it tells you what other areas of the program are affected.


To save the template click Save and then Close. To close the dialog without saving the changes Cancel and then Close.