What Sets Shavlik Protect Apart from the Others?





Ease of use

Shavlik Protect can be installed and used to deploy missing patches within minutes; not days, weeks, or months.

Real-time patch validation

Shavlik Protect utilizes XML data files that are updated the moment a security patch is released.

Agentless and agent-based operation

Provides the ability to manage network machines directly from a console and to manage hard-to-reach and cloud-connected machines (such as roaming laptops) using agents.

Background (non-modal) tasking

Enables multiple tasks to run at the same time. Simultaneously perform patch and asset scans, download files, deploy patches, perform power management tasks, install agents, and keep on working.

Patch replacement

Only those patches that are necessary and applicable to the scanned platform are evaluated during the scan process. Unnecessary and replaced patches are not presented (although you can configure the program to do this if you want).

Dynamic product detection (DPD)

Provides the ability to support additional non-Microsoft products simply by updating the necessary XML files.

Virtual machine support

Operates exactly the same on both physical machines and on virtual machines that are online. Can perform patch assessment of offline virtual machines without powering them on. Missing patches are copied into the virtual image so when the offline image is powered on it immediately patches itself.

Security and Integrity




Detailed Patch Analysis and Validation

File versions and registry keys are evaluated to aid in determining patch status.  Solutions that rely solely on registry keys and/or minimum file versions are unable to differentiate between legitimate files and trojaned files, including patches that have been re-released by Microsoft.

External validation data

File data used to perform patch validation tests are obtained from a signed source independent of the machine being scanned.

Data file anti-spoofing protection

The  XML patch data file is parsed only if obtained from a valid, specifically signed CAB file or SSL location.

Trojan protection

All digitally-signed vendor files are validated prior to patch deployment.