Patch Third-party Applications in SCCM Without Additional Infrastructure

Shavlik Patch® for Microsoft System Center adds non-Microsoft third-party patch to Microsoft System Center Configuration Manager (SCCM) to maximize your investment in System Center and to reduce risks from unpatched third-party applications.



3rd-party App Patching
Maximize Your Investment
No Addl. Infrastructure

Patch Third-party Applications to Reduce Risk

"We could bring third-party applications into our existing SCCM infrastructure for a relatively low cost."

- Anthony Digregorio, University of Pittsburgh

Avoid being the next security disaster headline by reducing vulnerabilities and risks with third-party application patching.

1. Close the application patching gap - Eighty-six percent of reported vulnerabilities come from third-party applications*. Applications now represent a greater risk to the network than the OS. Shavlik Patch reduces the risk created by applications by adding third-party application patching to SCCM.

2. Extensive software support - Shavlik Patch supports many of the most popular and vulnerable applications, including Adobe (Acrobat), Apple (iTunes), Oracle (Java), and many more. Update even traditionally difficult applications like Java within SCCM.

3. Gain control of application updates – Don’t rely on end users to patch individual applications. With Shavlik Patch, centrally deploy application patches to workstations within SCCM.

4. Patch with confidence - Shavlik’s years of experience patching applications in the enterprise means you gain the most accurate pre-tested patching data.

Maximize your Microsoft System Center investment

Get more for your IT dollar by expanding patching capabilities of Microsoft System Center Configuration Manager (SCCM) to cover application updates.

1. Expand SCCM to include application patching – Patch many of the most vulnerable applications not supported by Microsoft from within SCCM.

2. Decrease vulnerability-to-patch windows - Eliminate manual steps to create third-party application patch data in delivering patches with SCCM.

3. View compliance within SCCM - This plugin in conjunction with SCCM lets you view compliance plus all of your organization’s patching progress.

4. Accelerate patching from months to minutes - As more applications are added to the environment, IT administrators spend more and more time just keeping systems up-to-date. Shavlik Patch greatly reduces release-to-installation time.

Reduce Complexity by Avoiding Additional Infrastructure and Cost

Use your existing workflow to deploy OS updates and third-party application patches within the SCCM console.

1. Native plugin for SCCM – See third-party patches and control the patching process all from within the SCCM console.

2. Uses the same process, motion, and infrastructure as SCCM – Unlike competitive products, Shavlik Patch is a native plugin to SCCM that leverages existing infrastructure. You spent a lot of time and money installing it, so use it!

3. No additional consulting required - The Shavlik Patch simplified approach to patching third-party applications within SCCM requires no expensive consultants or additional services.

4. Reduce time and get systems patched quickly with automation – Shavlik Patch uses SCCM automation to control the patching process. Additional automation downloads the latest catalog and uses the most-up-to-date patches.


  • Ability to patch hundreds of the most popular applications
  • Integrated plugin for the SCCM 2012 console
    • View of available patches
    • Select patches to publish and expire
    • Smart filtering of patches based on multiple criteria (vendor, product, etc.)
  • Check for and download new patch data automatically
  • Publish new patches automatically based on composite filter
  • Expires a superseded patch with the new version
  • Auto-detect Windows Software Update Server (WSUS)
  • Digital Certificate management
  • Handles difficult-to-install patches, including Java
  • Streamline handling of bundled patches such as Apple
  • Localized in 11 languages for international support
  • Supports authenticating proxies
  • Installation is easy, fast, and verifies SCCM configuration

Current list of Shavlik Patch application coverage


Shavlik Patch allows you to manage third-party updates within the System Center Configuration Manager console. Here we see the Shavlik catalog of third-party updates. From this table, users can select the updates they wish to publish.

Updates can be published manually or automatically, scheduled, and filtered down to certain vendors or certain products.

After third-party updates have been published, they are deployed in an identical manner as Microsoft updates.


  • Shavlik Patch installs as an add-in to an existing Configuration Manager 2012 console (SP1 or later). The Configuration Manager console must be installed on one of these Windows operating systems:
    • Windows Server 2012 or later
    • Windows Server 2008 R2 SP1 or later
    • Windows 8 or later
    • Windows 7 SP1 or later
  • .NET Framework 4.5.1 or later: If you are missing this requirement, .NET Framework 4.5.1 will be installed for you during the installation of Shavlik Patch.
  • Windows Server Update Services (WSUS) client requirements:
    • If Shavlik Patch is installed on the primary WSUS server and you are using Windows Server 2012 or Windows 8, then the WSUS API and the PowerShell cmdlets features must be enabled.
    • If WSUS is on a remote Windows 8 or Windows 8.1 machine, then the remote admin tools feature must be installed on that machine. The version of the remote admin tools and the version of WSUS must match or you will not be able to deploy updates.
    • If the primary WSUS server is running WSUS 3.0 SP2, then the WSUS 3.0 SP2 Administration Console must be installed on the same machine as Shavlik Patch. Patches KB2720211 and KB2734608 must be applied to both the WSUS server and the Configuration Manager Console machines.
  • The Microsoft Task Scheduler service must be enabled and the user must have the rights necessary to create scheduled tasks.
  • Shavlik Protect Cloud account
  • The user running Shavlik Patch must have Log on as batch job rights and must be a member of the WSUS Administrators group on the WSUS server. In addition, if the WSUS Server is remote, the user must be a member of the local administrators group on the WSUS Server.
  • Client machine requirements: Each of your client machines must meet the following requirements in order to deploy non-Microsoft updates distributed by a WSUS server:
    • Must contain a copy of the code signing certificate in the appropriate certificate stores
    • Must have enabled the Allow signed updates from an intranet Microsoft update service location policy setting



Shavlik Patch for Microsoft System Center Datasheet | Download
Shavlik Patch for Microsoft System Center User's Guide | Download
Shavlik Patch for Microsoft System Center Release Notes | Download
Supported Applications | View

Additional Shavlik Patch documentation

Demos / Webinars


Introducing the New Shavlik Patch for Microsoft System Center 2.1
With the new version of Shavlik Patch 2.1, you will see better network options with authenticating proxy support, better patch filtering options and localization into 11 languages.


Preparing to Use Shavlik Patch for Microsoft System Center
Watch tips and tricks for installing and configuring the latest version of Shavlik Patch to get you started


Using Shavlik Patch for Microsoft System Center and SCCM 2012 to Update Third-party Applications
View how to automate patch downloads, configure SCCM 2012, and deploy patches with Shavlik Patch


How to Use the Filtering Capabilities in Shavlik Patch
Discover how to use filters to deploy patches with SCCM 2012. Deploy by criticality, vendor, application, and version.

What's New

December Patch Day Round-Up
Although it was not as large as the November Patch Tuesday, December’...

Shavlik in the news- December Patch Tuesday
Compared to last month’s Patch Tuesday (the biggest this year) this month’s...

Patch Tuesday Advanced Notification December 2014
This month is a bit quieter than last month’s barrage of patches as there a...