Identifying Explicitly Installed Patches

In order to identify that a patch has been explicitly installed, several criteria must be met.

Some types of patches do not write registry keys to the system on which they're being installed. Since there is no explicit indication that the patch has been applied, it cannot be determined that the patch was specifically installed at any point in time. To ensure that these systems are up to date, run a scan against the system and ensure that there are no patches that appear as 'Patch Missing.'

If Shavlik Protect deploys the patch, however, it will write its own registry key to the remote system. This data is encrypted to prevent tampering. So, even if the patch doesn't normally write a registry key during deployment (SQL Patches, Office patches, etc), Shavlik Protect will write a registry key that is then read by the scanner during the assessment phase. The application can read that all these patches are installed, what account was used to install the application, and when the patch was installed. This information is displayed on the patch details panel as well as a mouse over on 'Patch Found' text in the patch summary pane.