Shavlik Protect Version History


Released 10/21/2014

(Note: This build includes fixes from 9.1.4334.0, Protect 9.1 Patch 1, and Protect 9.1 Patch 2.)

    Bug Fixes

    • Updated content feed to allow for new format change for CVE.
    • Resolved an issue where deployment email notifications were not being sent if the Hours until post deployment e-mails are sent option was set to 0 and the deployment fails on any system in the deployment.
    • Resolved an issue where ST.ServiceHost.exe.config is not overwritten on upgrade from a previous version if the configuration file was manually modified, resulting in an ‘email service is currently unavailable’ error.

Released 08/21/2014

(Note: This build includes fixes from 9.1.4334.0 and Protect 9.1 Patch 1)

    Bug Fixes

    • Resolved an issue where a scan of an online hosted virtual machine would fail to scan with an error 201 if NetBIOS could not be resolved. Hosted scan flow will now fail over to IP if NetBIOS fails
    • Resolved an issue where machine resolution by OU could return no machines due to an error when querying LDAP (System.DirectoryServices.DirectoryServicesCOMException (0x80072030): There is no such object on the server).
    • Resolved an issue where scanning by OU would try to resolve by FQDN, but would not fail over to NetBIOS if FQDN failed.
    • Resolved a console crash that occurred when opening Tools > Operations > Distribution Servers when the console service has been manually configured as a specific credential instead of Local System.
    • Resolved a performance issue where the email service could return an unavailable error due exceeding the default timeout.
    • Resolved an error in Event History for ITScript results that exceeded the max field length when displaying results.
    • Resolved an issue where a scan result would not delete due to a constraint on an impartial deployment status that could not be deleted.
    • Resolved an issue in Patch Status Detail report where machine counts could be incorrectly calculated.
    • Resolved a performance issue where machine resolution could take significantly longer due to machines being resolved more than once instead of being identified as a duplicate and skipped.
    • Resolved an issue where STSchedEx would attempt to listen on an additional legacy port that is no longer being used. Will only attempt to open 5120 (default) and not open 5120 and 5121.
    • Resolved an issue where, after changing from the local console language to another language, you may not be able to switch back to the native console language.
    • Resolved an issue where a null credential associated with a hypervisor causes the Protect UI to crash when refreshing the hypervisor.
    • Resolved an issue where scanning a machine with the remote registry disabled would receive an error 270 instead of error 501.
    • Resolved an issue where deleting scans on a system with low resources fails, resulting in the rollback transaction being called twice.
    • Resolved an issue where installing PowerCLI 5.5 Release 2 causes a crash when enumerating a hypervisor or vCenter server due to a change in an interface in VIM.
    • Resolved an issue where deployment would not display the proper error message when the target machine did not have enough disk space.
    • Resolved an issue where the console could crash due to too many SQL transactions occurring, resulting in “SQL unavailable” or “Maximum pooled connects to SQL Server exceeded” errors.
    • Resolved an issue where refresh files would not download HF7b.xml and PD5.xml due to timeout on slow connections.

Released 4/17/2014

    Major New Features

    • Localized Console Experience
      • Shavlik Protect is now localized for the following languages: Chinese (Standard), Chinese (Traditional), French, German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish.
    • Localized SafeReboot
      • The SafeReboot dialog has been localized to support the same language set as above. The language of the client machine’s operating system will determine which language is displayed. The SafeReboot dialog will default to English if the operating system language is not supported.
    • Online Help
      • Localized versions of the Help system are now available on the Web. The help text will be localized according to the language specified on the Display Options dialog. An Internet connection is required in order to access localized help text from the console. For environments that do not have direct Internet access, an English-only version of the Help system is still shipped with the product and is available locally on the console.
    • IPv6 Support
      • Shavlik Protect now supports IPv6. IPv4 is still the preferred IP scheme that will be displayed in the UI, so for environments that happen to have IPv6 turned on but are not utilizing it yet, the IPv4 address will be the default address shown for machines.
    • Report Views
      • In conjunction with this release, Shavlik is providing a Report Views Guide that describes how to use database views within SQL Server database queries to generate custom reports for Shavlik Protect. This also allows for third-party tools such as SQL Reporting Services, Crystal Reports, Splunk, and others to be used to create reports for Shavlik Protect.

    Minor New Features and Enhancements

    • Improved Machine Resolution in FQDN and IP-only Environments
      • For customers who have environments that require FQDN or IP to resolve machines, Shavlik has made significant improvements to our machine resolver so that Shavlik Protect will retain multiple resolution methods for each machine. FQDN, Hostname, and IP can all be attempted to ensure the machine is resolved correctly.
    • Scan by Vendor Severity
      • The patch scan templates and the assessment engine have been updated to include filters that enable you to scan by vendor severity. You can now scan specifically for Critical, Important, Moderate, Low, or Unassigned security or non-security patches.
    • Deployment Workflow Enhancements
      • The deployment workflow has been consolidated to reduce the many branches that existed in the deployment experience. When you perform a deployment now you will see the same level of detail as a scheduled deployment. The deployment results are also available for viewing after the deployment is complete.
    • Machine-Level Status in Operations Monitor and in Deployment Tracker
      • A machine-level status has been added to the deployment flows. This gives you better visibility into the current state of your deployments.
    • Deployment Return Codes
      • Deployment return codes are now available within Deployment Tracker and within the deployment reports. Making the return codes available within the Shavlik Protect UI eliminates the need to comb through target machine logs for the return codes.
    • Active Directory (AD) Enhancements
      • Shavlik Protect is now able to discover any Active Directory Forests and Domains that are broadcasting themselves to the console machine’s domain. In addition, you can now add additional Forests and Domains and save credentials for these items. This allows you to browse these items without having to reconnect each time.

    Deprecated Features

      Features That Have Been Removed in Shavlik Protect 9.1

    • The following platforms are no longer supported for use as a console:
      • Windows XP
      • Windows Server 2003
      • Windows Vista
      • Windows Server 2008 (prior to R2)
      • Windows 8 (Windows 8.1 is supported)
      • 32-bit architecture operating systems
      • In response to Microsoft’s strategic direction and recent end-of-life announcements, Shavlik has removed support for the above platforms as a Shavlik Protect console. Shavlik Protect 9.0 is the last version to support these platforms as a Protect console. All of these platforms are still supported as agentless and agent-based targets.

        To help ease the migration to newer platforms, Shavlik has developed a migration tool that will help administrators to transition a console from one machine to another. Microsoft has announced an end-of-life for Windows XP in April 2014 and for Windows Server 2003 in April 2016. We are recommending that customers on these platforms migrate to newer operating systems as soon as possible. Shavlik will not be supporting Windows 8 as a console due to an incompatibility issue with Powershell 4.0, which is a new prerequisite in Protect 9.1. Windows 8.1 support is being added with Protect 9.1.

    • The following VMware ESX Hypervisors are no longer supported:
      • ESX 4.0
      • ESX 4.1 (ESXi 4.1 Hypervisors are still supported)

      Shavlik is removing support for hypervisor patching and offline VM, template, and snapshot features for these versions, as VMware is ending support for these platforms in 2014. Shavlik Protect 9.0 is the last version to support these versions.

    • Export to TIF, TXT, and RTF formats
    • Shavlik has removed support for these formats as they are little used and provide little value to the majority of customers. Future versions of Shavlik Protect will still support export to PDF, XLS, TSV, CSV, and XML formats.

      Features That are Targeted for Removal After Shavlik Protect 9.1

    • Windows Server 2000 support for agentless scan and remediation will be removed after 9.1
    • Shavlik is announcing that Protect 9.1 will be the last version to support Windows Server 2000 as an agentless target. Protect 9.1 will support this version of Windows until it reaches its end-of-life, which has not yet been announced.

    • SQL Server 2005 support will be removed after Protect 9.1
    • Shavlik is announcing that Protect 9.1 will be the last version to support SQL Server 2005 (all editions). Customers should work towards moving to newer editions of SQL Server as soon as possible.

    • User Criticality Filter will be removed after Protect 9.1
    • With the introduction of the Vendor Severity filter, the User Criticality Filter’s primary function is now obsolete and will be removed in a later release. The feature has a high maintenance cost and low value for most customers.

    Bug Fixes

    • Resolved an issue where duplicate agent results could conflict, causing import to fail.
    • Resolved an issue where duplicate agent results cause a loop on import, blocking up the import queue.
    • Resolved an issue where custom patch could allow a .bat file to be used which would cause agents to fail deployment. The .bat extension has been pulled from the custom patch file options.
    • Resolved an issue where LDAP over SSL connections would attempt to use the Shavlik Certificate. The Shavlik Certificate on upgrade will be moved into a custom store.
    • Resolved an issue where the 'Is Policy Current' value for Threat Protection Agents could incorrectly show as No when they really are up to date.
    • Updated the Help System to include descriptions for agent icons that were not documented.
    • Updated the Help System with an outbound port 443 requirement for the Protect Cloud Sync feature.
    • Resolved an issue where a result could not be imported if the service pack of the product could not be determined.
    • Resolved an issue where attempts to delete a partial scan result could result in a console crash.
    • Resolved an issue where an agent result missing the EndTime attribute would fail to import.
    • Resolved an issue where the Patch Status Detail Report could end up with PatchBulletinTitle on multiple lines due to a carriage return.
    • Updated the community link for data conversion errors on upgrade to point to the proper community article.
    • Resolved an issue where the Executive Summary Report could reflect the Effectively Installed Patches count incorrectly.
    • Resolved an issue where scan results could fail to import do to a 'Arithmetic overflow error' on the primary key in the ScanItems table.
    • Updated the Administration Guide to place the 'What's New?' section in the correct location in the document.
    • Resolved an issue where using the Microsoft Scheduler could cause scans to add five minutes to the specified scheduled time.
    • Resolved an upgrade issue where an unassociated event subscription could cause the database upgrade to fail from 8.0.2 to 9.0.1182.
    • Resolved an import issue where Agent Deployment Results could cause the importer to loop backing up the import queue.
    • Resolved an issue where the console could crash when you start many scans simultaneously on a resource constrained machine.
    • Changed from using MD5 hash to SHA1 in asset value normalization to be compliant on a FIPS enabled machine.
    • Resolved an issue where HFCLI.exe was not using the Protect License Key, causing certain licensed features of HFCLI to not work.
    • Resolved an issue where using the Browse Active Directory feature would not allow you to select a forest.
    • Resolved an issue where the console service could crash on foreign key exceptions.
    • Resolved an issue where the console service could crash when encountering an unknown service pack item type.
    • Resolved an issue where 2003 R2 SP2 systems could reboot unexpectedly when upgrading the agent from 8.0.2 to 9.0.1106.
    • Resolved an issue where an unnecessary horizontal scroll bar would appear in the Machine View.
    • Resolved an issue where the console service could crash when it is unable to decrypt credentials.

Released 12/8/2014

(Note: This build includes fixes from 9.0.1106.0, Protect 9.0 Patch 1, and Protect 9.0 Patch 2)

    Bug Fixes

    • Updated the database schema and the content importer to support upcoming changes in the CVE-ID syntax. Prior to this patch, CVE-ID numbers using the new syntax would have prevented content from being updated and may have resulted in a console crash.

Released 6/25/2013

(Note: This build includes fixes from 9.0.1106.0 and Protect 9.0 Patch 1)

    New Features

    • Manual activation of Shavlik Protect is now available through a self-help portal. When you choose manual activation mode, instructions are provided to walk you through the process.

    Bug Fixes

    • Resolved an issue where bad agent results were continuously imported rather than being discarded, resulting in the ST.ConsoleService.managed.log showing multiple “Stream header magic number is invalid” errors.
    • Resolved an issue where multiple IP ranges that use the same distribution servers cause full cloud policy updates to fail with 400 (bad request).
    • Resolved an issue where the advanced filter options for the Deployment Status By Machine report could cause Protect to crash.
    • Resolved an issue where reports emailed from Tools > Create Report are a tmp file instead of PDF.
    • Updated the Administration Guide to correct an issue where the default console service port was shown as 3131 instead of 3121.
    • Resolved an issue where the machine inventory email does not get sent when applied to a machine group.
    • Resolved an issue where agent registration and checkin uses FQDN not NetBIOS, causing the install to fail if FQDN could not be resolved.
    • Resolved an issue where agent checkin without a policy uses FQDN not NetBIOS, causing the install to fail if FQDN could not be resolved.
    • Resolved an issue where emailing a report from Scan View could cause Protect to crash.
    • Resolved an issue where the Scan and Report Only and the Deploy and Report Only roles do not allow the user to create and assign their own credentials.
    • Resolved an issue where the Scheduled Tasks Manager abnormally exits when right-clicking in the jobs window.
    • Resolved an issue where scheduled jobs might not appear in the Scheduled Tasks Manager.
    • Resolved an upgrade issue from 8.0.2 to 9.0.1106 where, after upgrade, some machine groups could not be opened.
    • Resolved an issue on ProtectCloud login where using dangerous HTML characters in the Protect Cloud password causes an exception.
    • Resolved an issue where scheduled deployments to a hosted VM shows a scheduled time discrepancy between Deployment Tracker and the Scheduled Tasks Manager.

Released 5/2/2013

    Major New Features

    • Support for Cloud Agents
      • Shavlik Protect agents can be installed from the cloud and can function without ever connecting directly to the Shavlik Protect console
      • Agent policies are uploaded from the console to the cloud where they are available to be downloaded by the agents
      • Agent results are uploaded to the cloud and then downloaded to the Shavlik Protect console
    • Virtual Inventory (ESXi Hypervisor Patching)

      This new feature is used to manage and track the vCenter Servers and the ESXi hypervisors that are used in your organization. You can use the Virtual Inventory feature to:

      • Add vCenter Servers and ESXi hypervisors to Shavlik Protect
      • View basic configuration information about the vCenter Servers and the ESXi hypervisors
      • Perform a scan of the managed and unmanaged ESXi hypervisors
      • View the security bulletins that have already been installed on the managed and unmanaged ESXi hypervisors
      • View the security bulletins that are missing on the managed and unmanaged ESXi hypervisors
      • Deploy any missing security bulletins to the ESXi hypervisors
      • Power on and off the virtual machines that reside on your managed and unmanaged ESXi hypervisors
      • Add the virtual machines and virtual machine templates to a new or existing machine group
    • Installation and Prerequisite Changes
      • Support for 64-bit operating systems
      • New web version of the installation program that detects which architecture is supported by the console’s operating system and will automatically download the correct 32-bit or 64-bit MSI file
      • Support for SQL Server 2012
      • Support for Windows 8 and Windows Server 2012
    • Event History


      Event History provides a way to view the background operational events that occur with Shavlik Protect. Entries are generated for a large number of events, including:
      • Database maintenance
      • Distribution server synchronization
      • Scheduler events
      • Core engines/definitions downloads
      • Core engines/definitions synchronization
      • Threat data downloads
      • Threat data synchronization
      • Operation result imports (patch scans, threat scans, etc.)
      • ESXi Hypervisor patch deployments
      • Agent policy synchronization using Protect Cloud

    Minor Features and Enhancements

    • Patch Management Enhancements
      • Patch replacement resolution has been added to patch groups
      • Agentless target machines that download patches from distribution servers will now install the patches they download even if they cannot download all patches in the deployment
    • Threat Management Enhancements
      • Quarantined items can be added as filename-based exceptions from the quarantine management UI
      • Detected threats can be added to the Allowed Threats list of select policies from the Threat Events View
    • PowerShell Scripts
      • PowerShell scripts can now target ESXi hypervisors and use PowerCli commands
      • PowerShell modules are now supported
    • Performance Improvements
      • Reports have been reworked and are significantly faster and more accurate
      • Rollup and import performance are improved by exporting and importing batches of results
      • Performance improvements have been made in the Policy Editor
      • Stronger cryptographic keys are now used to make the program more secure
      • Multi-console support has been improved
      • Scheduling of distribution server synchronization can now be done on a per-distribution server basis
    • User Interface Changes
      • The Navigation pane has been modified to better utilize the available space
      • The menu bar is simplified and has only six items: Home, New, View, Manage, Tools, and Help
      • Product End-of-life (EOL) information has been added to the data and is displayed in several places in the interface
      • Notes can be associated with individual machines in machine groups
      • Machine names and IP addresses can now be edited
      • The Active Directory browser has been improved
      • Credentials Manager now shows where specific credentials are used
      • The About dialog clearly displays current and installed data file versions
      • The Agent Manager has been removed. All functionality is available from within Machine View.
      • Reworked the Active Directory / OU browser
      • Searching within the current view is simplified. You no longer need to select the column to search; all columns are searched.
      • Patch Type has been added to the middle section of Machine View and Scan View patch results
      • Manage Items now appears as a dialog rather than being displayed in the main window. This reduces memory usage and provides better performance.
      • Scheduled operations that were previously configured in Tools > Options have been moved to a new area under Tools > Operations
      • Management of distribution servers has been moved to Tools > Operations
      • An Error code column has been added to a number of grids and the error code has been removed from the error message
      • A Patch Breakdown column has been added to a number of grids. This provides a visual representation of the percentage of installed patches (green) vs. missing patches (red) and missing service packs (yellow).
    • IAVA Reporter
      • If you purchase the Government Edition of Shavlik Protect you will receive a license key that enables you to use the Information Assurance Vulnerability Alert (IAVA) Reporter. The IAVA-specific files are automatically installed when Shavlik Protect is installed and are completely integrated in Shavlik Protect.

    Bug fixes

    • Resolved an issue in role based administration where Scan/Deploy & Report Only users had more access than expected.
    • Resolved an issue where after upgrade from 7.8 to 8.0 scanning offline hosted VM and offline VMWare .vmx file would fail.
    • Resolved an issue in the Machine Group Editor treelist where the background color should be all white.
    • Resolved an issue in the Scan Summary box in scan view where it does not remember collapsed state (minimized state).
    • Resolved an issue in the Deployment tracker where collapsed rows expand during auto refresh.
    • Resolved an issue in documentation to show that we support SQL 2008 SP3.
    • Resolved an issue in the Deployment Notification email shows incorrect date and should specify GMT.
    • Resolved an issue where splitter bars in the Scan Summary do not remember their position when the application is closed.
    • Resolved an issue in Machine View where column sorts only on the first column.
    • Resolved an issue in Custom Patch Deployment when using bat file where the deployment fails to complete.
    • Resolved an issue where the file size confirmation dialog for downloading patches does not display during a single patch deployment.
    • Resolved an issue where right click context menus under machines not scanned tab were removed.
    • Resolved an issue in the custom patch regkey editor where you cannot change from DWORD to String and put in a string value without getting an error.
    • Resolved an issue where file and registry key details in the Patch Information view don't scale.
    • Removed 'query remote log information' from deployment results screen due to compatibility issues across different operating systems.
    • Resolved an issue in machine groups where 'Scan Only IIS Servers' filters out all machine with IIS installed on it instead of including only IIS servers.
    • Resolved a race condition where you could click on a machine group multiple times opening many windows if you are on a slow system.
    • Resolved an issue where removing all email recipients from a machine does not remove the email.
    • Resolved an issue where RDP fails to install on German 2K3E R2.
    • Updated documentation to reflect what OS languages Shavlik Protect supports for system requirements.
    • Resolved an issue where the manual RDP installation link is missing from the manual installation section of the install guide.
    • Resolved an issue where Agents with pre-deploy reboot, do not wait for the reboot to start installing patches.
    • Resolved an issue where consoles configured for data rollup display warning messages incorrectly due to differences in time between consoles.
    • Resolved an issue on upgrade from 7.8 to 8.0 where you receive error 1714. The older version of Shavlik Protect Patch Engine cannot be removed. Contact your technical support group. System Error 1612.
    • Resolved an issue where the %Pathtofixes% variable is not honored when installing scheduler from scheduled task manager.
    • Resolved an issue on the chart screen if you select options always show this chart, the options at the bottom of the page are disabled until you do a refresh.
    • Resolved a potential crash during deployment when deploying to large groups.
    • Resolved an issue in the Deployment Notification email where "Scheduled Installation Time" would show as blank.
    • Resolved an issue where the Shavlik Protect Console could crash when filtering in scan results.
    • Resolved an issue when changing the scheduler port where the task scheduler honors the new value, but the Shavlik Protect GUI does not.
    • Resolved an issue in the Scan Summary --> Patch Information section where "File version is less than expected: ..." is truncated.
    • Resolved an issue where agent deployments using pre-deployment reboots could end up in a continuous reboot cycle if there are still missing patches.
    • Resolved an issue where closing Shavlik Protect with an RDP window open and the RDP window no longer honors the cancel action.
    • Resolved an issue where STAgent service could hang during start-up on XP and 2k3.
    • Resolved an issue where Active Protection prevents opening embedded Outlook files (.msg) in a word document.
    • Resolved a database upgrade issue where an ALTER TABLE statement conflicted with the FOREIGN KEY constraint "FK_LinkEmailRecScanTemplate_ScanTemplates".
    • Resolved an issue in STSchedex.exe where shutdown could cause an application error.
    • Resolved an issue with in asset scans that could cause software asset scans to fail importing due to an invalid URI error.
    • Resolved an issue in Data Rollup where IP Address or hostname containing a space will cause the console service to error and prevent start-up.
    • Resolved an issue where there could be discrepancies interpreting scan result between agent GUI and console GUI.
    • Updated the description of Non-Security Patches in new scan template to reduce confusion.
    • Resolved an issue where items are unable to deleted from Manage > Items due to overlapping scans results.
    • Resolved an issue where offline activation for vCP with Configuration Management, configure product activation fails with "Offline activation stream is invalid".
    • Resolved an issue where copying a machine group could cause the app to crash.
    • Resolved an issue with activating multiple license key issues with console add-on keys.
    • Resolved an issue where Daily AP Alert is still triggered even though threat protection feature is no longer licensed.
    • Resolved an issue with the Condensed Patch Listing report where information appears in exported CSV that is not part of the report.
    • Resolved an issue when deploying SQL Server 2000 patches could crash the console with System.ArgumentOutOfRangeException: Positive number required. Parameter name: culture.
    • Resolved an issue where manually installing an agent using a lowercase passphrase could cause an "Invalid request" during registration.
    • Updated command line help to provide an example on how to register an agent using STAgentManagement.exe.
    • Resolved an issue in STThreat.exe where it could locking up a system when RunDetection: detection function 5094 crashed error occurs.

Released 11/01/2012

    Bug Fixes

    • Added support for the vCenter Protect installer to detect PowerShell 3 as a prerequisite for PowerShell.
    • Resolved an issue where Java Runtime would uninstall the current version and then fail to install due to file(s) in use.
    • Removed a dependency on two Microsoft components (oHotFix and Qchain) as they are reaching end of availability from Microsoft Corporation.
    • Resolved an issue where an offline virtual machine on an ESXi Hypervisor would fail to scan with an Error 4000.
    • Resolved an issue where deployments using Install at next reboot could execute immediately.
    • Added installation support for Windows 8 and Windows Server 2012.
    • Added support for installations using SQL Server 2012 databases.


Released 9/10/2012

    New Features

    • Integration with VMware Licensing
      • Support for multiple license keys, allowing for valid VMware vSphere and Accelerator Kit bundle licenses to activate along with VMware vCenter Protect licenses.
      • Retain support for the legacy (Shavlik) license keys and make key combinations additive.
      • Update to license services within VMware vCenter Protect, allowing active licenses to refresh without user intervention. Customers no longer have to manually refresh their active licenses when Support or data renewals occur, etc.
    • Updated Product Activation
      • VMware vCenter Protect now has the ability to activate a trial within the product.
      • VMware vCenter Protect Free version is now activated through the same activation dialog as Trial or Product\Bundle keys.
    • Renaming of the Product
      • VMware vCenter Protect Essentials is renamed to VMware vCenter Protect Standard
      • VMware vCenter Protect Essentials Plus is renamed to VMware vCenter Protect Advanced

    Bug Fixes

    • Resolved a rendering issue in the Patch View where you could select one of the affected patches and the Patch Details would not display correctly resulting in an application crash.


Released 12/28/2011

(NOTE: This build includes fixes from 8.0.3756.0 and Protect 8.0 Patch 1)

    Bug Fixes

    • Enhanced ITScripts engine to provide more user-friendly error messages.
    • Resolved an issue where scheduled value in Tracker and deployment status was showing date and time the job was scheduled on, and not the date and time the job would execute.
    • Resolved an issue in the STAgent.exe where a race condition could cause a crash.
    • Resolved an issue in the IAVA reporter where Patch Status Detail would crash if viewed by specific product and service pack combinations.
    • Resolved an issue in the Help file where a link for ITScripts would redirect to custom patch instead.
    • Resolved an issue where refreshing a license after viewing a power status scan result could result in a crash.
    • Resolved an issue where Browse Active Directory feature in Machine Groups did not list child OUs.
    • Updated Help file to correct steps for creating a manual install script for agent installation.
    • Resolved an issue where upgrade from 7.x to 8.x results in agents running threat protection needing to be re-installed.
    • Resolved an issue where STAgentUpdater could crash when creating SSL registration.
    • Resolved an issue where the service could crash when retrieving system credentials due to size of credential store.
    • Resolved a regression where the patch pane in Machine View defaulted to expanded instead of collapsed.
    • Resolved an issue in Custom Patch where a string registry value always returned missing.
    • Resolved an issue where database upgrade fails with uniqueness constraint violation. This only affects 7.x upgrade to 8.0.
    • Resolved an issue where agents would be unable to deploy a custom patch.


Released 11/1/2011

    Major New Features

    • ITScripts
      • Powerful scripting capabilities just clicks away
      • Catalog of scripts including maintenance scripts, application and OS-level configuration, configuration of GPOs, monitoring and informational scripts, and more
      • Ability to import custom scripts and take advantage of the ITScript engine features to make machine discovery and credentials usage a breeze
    • Credentials Manager
      • Addition of the Credentials Manager to centralize the creation and maintenance of credentials
      • User-friendly UI to allow access to your credentials anywhere in the product and specify credentials in a matter of clicks without the need to retype username and password
    • Power Status Scan
      • Addition of a new scan type that allows extremely fast discovery of the power status of your machines. Discover hundreds of machines in minutes across a broad IP range or validate the power status of your machines using host name, domain, or any of the other methods available in the machine group.
      • Right-click power status scan option from Machine View for validating that a machine is online
      • Power Status Scan result located in the Results section of the Navigation Bar for historical reference to Power Status Scan results
      • Power Status Report for proof of compliance and to provide the validation that is often required by energy providers for power rebates
    • Multiple Administator Support in Console
      • Support for multiple unique administrators to access the same Protect console simultaneously
      • Notification if the same account is attempting to open the console simultaneously

    Minor Features and Enhancements

    • Patch Scan Performance Enhancements
      • Increased scan speed
      • Reduced memory footprint
    • New Operations Home Page
      • Quicker access to common operations like patch and asset scans, power status scan, ITScript runs, etc.
    • Integration with Remote Desktop Protocol (RDP)
      • Initiate from Machine View against a target machine
      • Utilize existing credentials
      • Connect via hostname or IP
      • Option to connect as admin session for specific maintenance tasks that require session 0
    • Integrated Deployment into Operations Monitor for Better Deployment Progress Monitoring
      • Increased visibility during deployment
      • Better progress tracking of deployments while being staged
      • Easy access to deployment results and Tracker results
    • Antivirus/Threat Protection Enhancements
      • Threat protection is now registered in Microsoft Security Center / Action Center
      • Enhanced control over the “disable” and “temporarily suspend” Active Protection features within the agent policy

    Bug Fixes

    • Resolved an issue the Agent could be unable to deploy a deployable SP.
    • Resolved an issue where Office patches with client and full patch types download only the first patch type listed in pd5.
    • Resolved an issue where the selecting Patch Download Status would not download a patch if you downloaded, deleted, then attempted to download again.
    • Resolved an issue where Patch Download Status does not sort after the first time.
    • Resolved an issue attempting to add a Service Pack to a patch group would result in a blank patch group.
    • Resolved an issue in documentation: a mapped drive for a Download Center Path is not supported.
    • Resolved an issue where agents would fail to deploy other Service Packs and Patches if errors were encountered on a Service Pack install.
    • Resolved an issue where upgrading a database from 7.6 to 7.8 fails with id cannot be null.
    • Resolved an issue in documentation: SQL 2008 Express and SQL 2008 R2 were not listed in the database pre-reqs.
    • Resolved an issue where machine summation counts may not be accurate in Machine View.
    • Resolved an issue where deleting a hosted virtual machine produces collation conflicts
    • Resolved an issue where attempting to non-deploy a service pack results in Protect crash
    • Resolved an issue where Patch summary report advanced filter does not properly filter by bulletin or Qnumber.
    • Resolved an issue where scheduled deployments with pre install reboot run the deployment after any reboot, not the scheduled reboot.
    • Resolved an issue where scheduled deployment with pre install reboot would not execute if system clock resets to a time prior to scheduling.
    • Resolved an issue where the schedule dialog could change from PM to AM under certain circumstances.
    • Resolved an issue where threat manifest cannot be downloaded from an http distribution server when vendor as backup is disabled.
    • Resolved an issue where scan my domain does not work correctly with similar qualified domains.
    • Resolved an issue where find users in the machine group domain browser would find the user by simple domain name.
    • Resolved an issue where copy machine group created by a different logged in user with an ESX server setup in hosted virtual machine causes a crash.
    • Resolved an issue with Protect 7.8 where Safereboot does not reboot on Windows 2000
    • Resolved an issue where Agent downloads fail due to file not found error
    • Resolved an issue where Deleting the last patch scan for a machine doesn't null out the patch-specific machine measures
    • Resolved an issue where At least one window within Protect causes an indefinite freeze for the entire application when a WM_SETTINGSCHANGE message is received
    • Resolved an issue in Custom Patch where there would be two validation checks for each XML
    • Resolved an issue in the threat engine where Ultra VNC and Remote Task Service are killed during agent Full threat scan
    • Resolved an issue where Report only users are able to do more than specified
    • Resolved an issue where Operations Monitor does not sort correctly by numerical order.
    • Resolved an issue where a license due to expire in one day could not be activated properly.
    • Resolved an issue where distribution server sync space required is multiplied by 5.
    • Resolved an issue where an Error in STCore::IO::CPath::GetFullPath() causes deployment of office patches with install point to fail
    • Resolved an issue where Dutch Windows 7 SP1 is not detected correctly by the prereq installer
    • Resolved an issue where Software Distribution checkbox is able to be modified for Security Patch Scan Template
    • Resolved an issue where Agent System Requirement documentation incorrect
    • Resolved an issue where customer encountered error running machine software detail report.
    • Resolved an issue where recurring jobs are deleted when they fail if credentials were invalid.
    • Resolved an issue where Scheduled Task Manager could cause Window's user accounts to be locked out
    • Resolved an issue which resulted in Duplicate Service Packs in the Patches Table
    • Resolved an issue in documentation stating multiple consoles sharing the same DB on Domain Controllers with the same SID is not supported.
    • Resolved an issue where Copy of Asset template does not store the name in the correct table
    • Resolved an issue Upgrading protect overwrites st.servicehost.exe.config where we must store proxy information so the service can access the internet
    • Resolved an issue when Console culture is not supported by our patch data languages, the application will crash during deployment when download is about complete.
    • Resolved an issue where Running Executive summary report from a scan results has **multiple** in the machine group field.
    • Resolved an issue where agents could not be deployed as a Custom Patch
    • Resolved an issue where protect would crash when a required file was not in the manifest.
    • Resolved an issue where Protect crashes when user attempts to open an existing template after upgrade from 7.6 to 7.8.
    • Resolved an issue where an invalid distribution server credential gets an agent in an infinite check-in loop.
    • Resolved an issue where Patch scan path information not being fully painted
    • Resolved an issue in Power State Template where Shut Down when “Alert user, perform action when user logs off” is checked results in a reboot.
    • Resolved an issue in the Deployment Detail report when using Domain as an advanced filter results in an error invalid field smachDomainName.
    • Resolved an issue where Agent check-in failed due to IP Range for Primary Distribution Server being Blank.
    • Resolved an issue when trying to do multiple deployments at once crashes Deployment Tracker due to a dead lock.
    • Resolved an issue where deployments would reboot targets, but no patches were being deployed.
    • Resolved an issue where Agent patch deployment fails when the temp dir is not on the c drive
    • Resolved an issue where the Service Pack release date shows as 01/01/0001 due to UTC + 1 or higher being set.
    • Resolved an issue in documentation to state the Workstation Service is required by the VMware vCenter Protect Agent
    • Resolved an issue where export to CSV from machine view from Hardware Assets tab crashes the application.
    • Resolved an issue where a distribution server could have an agent framework and engine mismatch.
    • Resolved an issue where large numbers of agent policies cause the distribution server confirmation screen to be cut off.
    • Resolved an issue where scheduled jobs that encounter an error while running are deleted and do not show up in the log or the scheduler.


Released 05/12/2011

(NOTE: This build includes fixes from SKB17119)

    Major New Features

    • Virtual Machine Enhancements
      • patching VMware templates
      • Disable networking while deplying to offline virtual machines
      • Optional pre-deployment and post-deployment snapshots
      • Deploy to a machine in a different state than was scanned
      • Scheduled deployments to offline virtual machines
    • Agent Enhancements
      • Deploy service packs to agents
      • Checkpoint/restart downloads of agent patches and service packs
    • Patch Deployment Enhancements
      • Deploy patches contained within archive files
      • Scripted Patch Detection
      • Uninstall multiple patches in a single deployment
    • Database Maintenance Feature
      • Purge old data
      • Run Backups on a regular basis
      • Reindex the database
    • Integrated with VIPRE 4.0 SDK
      • Engine Performance enhancements
      • Includes VIPRE bug fixes and enhancements
      • "Limit AP Scanning to only high risk file types (High Performance)" added to Agent Policy, AP tab, File Access

    Minor Features and Enhancements

    • New threat report filter: “Days to report on”
    • Left-Nav modifications and new grouping
    • New deployment template for Hosted VM deployments
    • Multi Machine Properties edit from machine view and scan view, Patch Drive Patch, Custom 1, 2, and 3.
    • New option to suppress prompts; Ex Download size dialog now has a check box to "Warn Next Time", uncheck and you will no longer be warned. Can be turned back on through tools options.
    • Power Management change; Sleep and Hibernate commands were ignored if a user was logged into the target machine. Power State Change will now enforce for those machines as well since a locked machine or idle machine with a logged in user is a prime use case for this feature.
    • Machines not scanned added to automatic email options.
    • Added Hardware and Software Asset Inventory capability to the NetChk Agent. Asset information about Agent-managed machines are rolled up to the central console for management and reporting.
    • Added Software Asset Inventory collection on virtual machines that are powered off (offline). This allows NetChk Protect to create and maintain a current and accurate inventory of software assets on physical and virtual machines regardless of power state.

    Bug Fixes

    • Resolved issue related to importer failure which returns 0's for scan results
    • Resolved timing issue with Unable to Verify reported by Tracker
    • Resolved DecryptCredentials failure
    • Resolved Importer failure issue when Data is Null
    • Resolved Import failure when trying to move file to bad files folder
    • Resolved Importer failure when trying to access the file 'arrival file path' and it is being used by another process
    • Resolved a Scans never complete. The Scanner Count does not match Import Count
    • Resolved Importing Machine Groups issue where you have to click on any other Machine Group before you can import another one
    • Resolved issue where you Can't set domain credentials for "My Domain" default machine group
    • Resolved Importer issue where Some scan results are 'hung' in the arrivals folder - Reprocessing Bad Files
    • Resolved issue where Protect incorrectly exports machine role details that are utilized by SSI
    • Resolved issue where Operations monitor show incorrect data
    • Resolved issue with Machines By Patch Report
    • Resolved issue with Unconventional Bulletin ID in custom patch
    • Resolved issue with install agent using example command script
    • Resolved Deployment with custom dialog failure
    • Resolved issue to cancel jobs using stscheduleview
    • Resolved issue when Attempting to "Deploy all missing" for a scan that includes at least one non-downloadable patch (which does NOT exist in the patch repository)
    • Resolved issue with Non English Language OS fail to download
    • Resolved issue if same user logs on to another console and connected to same DB, then going to tools > option > defaults creds > setting them will not work
    • Resolved database upgrades failure when converting SoftwareAssetScans converting the language field
    • Resolved issue when Selecting vendor severity in Deployment Detail report advanced criteria generates an er
    • Resolved issue with deploying Q931125/MSRC-001 patch displays as Uninstall Succeeded
    • Resolved issue where Patch scan template XML file location has no effect
    • Resolved issue with machine context menu slow to display when the user has many machine groups
    • Resolved issue with & in shavlik comment forum links not displayed
    • Resolved issue with Agent upgrade can break agent's ability to update patch and threat data
    • Resolved issue with having LangID of 0
    • Resolved issue with Scheduled scans do not get proxy credentials
    • Resolved issue with refresh files
    • Resolved issue where User is able to delete system deployment templates
    • Resolved Error 13 - Scanning SQL Server 2005 Unable to access registry key Error [87]
    • Resolved issue where user is Unable to set "Minutes between sending console results:" for data rollup > 1000
    • Resolved issue with Deployment Status by Machine: Report Gallery's "Deployment to report on" or Advanced Report Settings's Deployment Names time is in GMT not local time
    • Resolved issue with Threat Definition Version not updated when Threat Scan rolls up from Agent
7.8.1388.0 (SKB17119)

Released 04/19/2011

Bug Fixes

  • Resolved an issue with the custom patch editor. After saving news xml, the user had been unable to access the custom patch editor.
  • If the administrator does not check the Disable Active Protection box on the General tab, the end-user will not be able to permanently or temporarily disable Active Protection. Prior to this patch the user was still able to temporarily disable Active Protection.
  • Resolved an issue with the custom action functionality that occurred following a post reboot.
  • Resolved an issue with deploying service packs from an agent that was upgraded from 7.6 (the service pack would not deploy).
  • Resolved an issue with agent deployment where failed downloads of service packs or patches from a distribution server could indefinitely block the agent's deployment of those service packs or patches. Also related to this issue, the Clear Retry Counts command, in addition to resetting retry counts, will now delete an agent's local copies of downloaded patches and service packs. This will not affect the state of installed patches or service packs.
  • Resolved an issue with mounting VMs, where the user was not able to mount VMs with datacenters under a folder.
  • Resolved an issue when deleting a patch task from a copy of an agent policy. • Resolved an issue where agents failed to download patches/service packs when
  • BITS Service is configured to have a startup type of 'Disabled.'
  • Resolved an issue where the managed machine resolver did not correctly exclude IP addresses.
  • Resolved an issue where, if the user exceeds the number of deployment seats permitted by their license, they could not use the Get more deployment seats button.
  • Resolved an issue with the deployment of Office patches when an Administrative Installation Point (AIP) is used.
7.6.1496 (SKB16779)

Released 12/15/2010  (NOTE: This build includes fixes from 7.6.1482 and SKB16779)

    Bug Fixes

    • Resolved an issue where the ‘Item History’ report and the ‘Seat License Status’ report were not available in the report gallery
    • Scan fails to import properly due to file locking issue on the scan information importer
    • Resolved an issue where deployments would fail when deploying patches that could not be downloaded
    • Resolved an issue where scans would hang on importing new definitions: Error – ‘Object synchronization method was called from an unsynchronized block of code.’
    • Resolved an issue where deployments fail when installing or upgrading to 7.6 on a disconnected network

Released 9/28/2010

    Features and Enhancements

    Shavlik NetChk Protect 7.6 includes the following enhancements:

    • Patch Scan caching abilities that will improve the performance especially over WANs
    • Ability to execute agent policy actions by sending ad hoc commands from the console to your agents (e.g. executing a patch\power\asset task, update definitions or binaries, clearing retry counts, etc.)
    • Original Scan State column added to Scan and Machine views (Option to display the original scan state as an additional grouping\filtering option)
    • Agent AV ad-hoc tasks from the console - simplified management for the administrator
    • Quarantine management (both policy driven & ad-hoc tasks) – better control for the administrator over quarantined threats
    • “Threat Events View” – new more granular view of threat and Active Protection events for the administrator·
    • Perform AV threat scan on a specific file/folder – allows an individual user (agent) to perform a scan of a specific file\folder or an entire USB drive that they just placed on their computer
    • New AV/Threat Reports – better reporting for the administrator and their management
    • AV Alerting from console – automatic alerting for the administrator when Active Protection thresholds are reached
    • Exclude files/folders from being scanned (policy-driven w/ wildcards, environmental variables) – ability for the administrator to exclude files/folders that you don’t want to scan for performance or other reasons

    Bug Fixes

    • Resolved a UI issue when deploying patches using Distribution server where the distribution server IP range does NOT have a primary distribution server specified
    • Resolved Data Rollup to include machines that fail to scan in the scan results as shown on the Central Console
    • Resolved an issue to save IP Address in Data Rollup configuration screen
    • Resolved RPC timing issue that cause error 1726
    • Resolved an Importer failure to move file to bad files folder if exception occurs during import
    • Resolved an issue when selecting "deploy all missing" From a scan of a windows 2000 box shows informational patches in the "deployment configuration" screen
    • Resolved an issue of not being able to deploy .NET Framework 2.0 SP2 from Scan View
    • Resolved an issue where Agent installs allows for non-administrators leaving system in bad state
    • Resolved an issue to handle duplicate Patch names in PD5.xml
    • Resolved an issue where application shuts down when you press TEST button when adding credentials with NO password
    • Resolved an issue to save command Timeout setting in during upgrades
    • Resolved OU structure display duplicates and machine on the main node
    • Resolved an Importer failure where the process cannot access the file 'arrival file path' because it is being used by another process
    • Resolved an issue where Deployment Templates created by Admin A do not show in drop down when choosing default Deployment Template for other admin
    • Resolved skippatchmail and scanemail command options missing from ShavlikConsoleTask
    • Resolved reports issue where - No data in Machine HW Detail report from Agent running Asset Scan task - Data shows in MV
    • Resolved an issue where Left navigation panel cannot be expanded past default
    • Resolved an issue with SafeReboot - Restart on User log off causes Program still needs to close dialog box to appear on Windows 7
    • Resolved an issue where No warning logged when disconnected console attempts to import results created from newer XML
    • Resolved an issue where Refresh Files causes unhandled SQL Transaction Timeout exception when attempting to import patch data
    • Resolved an issue with Scheduled jobs with '&' in name do not appear in the GUI queue
    • Resolved an issue with Executive Scan Summary (with view current status option) is showing more than the latest scan results
    • Resolved an issue with Data Base upgrade timeout
    • Resolved an issue with Reports: Patches by Machine Detail shows multiple entries for the same missing patch on the same machine (across multiple scans)
    • Resolved an issue with Machine Group: Scan only settings are being ignored in patch scans
    • Resolved Unhandled exception from BuildNewsfeedInternal()
    • Resolved a tracker issue after rescan where tracker reports Unable to Verify
    • Resolved an issue of not being able to use UNC shares as patch repository
    • Resolved an issue where copied patches were not included in Missing Patch Count column
    • Resolved an issue where threat data were not downloading to console when roles are enabled
    • Resolved an issue with Tracker drop down list does not refresh
    • Resolved an issue where User Criticality in Patch View was not current with actual value even when refreshed
    • Resolved an issue when you remove an agent machine from MCV, it can no longer check in
    • Resolved issue with Threat data scan smart filters
    • Resolved a race condition with StartFileSet()
    • Resolved an issue when deploying to Office 2003 build 1183138221
    • Resolved an issue with "View Current Status" should not be available inside Advanced Report Settings
    • Resolved an issue when Entering in a long Distribution Server name
    • Resolved an issue with Deployment Seat Enforcement Algorithm doesn't work with multiple consoles
    • Resolved an issue of not being able to change the DB timeout for Protect upgrades
    • Resolved an issue when attempting to scan offline machine on FREE ESXi
    • Resolved an issue with Tools --> Options --> Save with Subquery returned more than 1 value
    • Resolved an issue of not all results are being imported into the database, all agent scan results are going into BAD FILES folder. DB Error DisplayVersion exceeds database field length '55'
    • Resolved an issue of not being able to upgrade 7.2 database to 7.5 due to existence of Spyware patch groups
    • Resolved an issue when updating policy for 4000 agents
    • Resolved an issue where remote dialogue with special characters will corrupt display
    • Resolved an issue with MCV: Missing patches NOT shown after refresh of machine where user deleted the last scan. Other scans exist
    • Resolved an issue with Protect fails to open after deleting User's Profile
    • Resolved SQL-DATABASE-MAINTANENCE Script fails on databases that have old scans due to constraint issues
7.5.2779 (SKB16359)

Released 07/27/2010

    Bug Fixes

    • Resolved Agent UI crashes that resulted from a race condition in event subscribtion
    • Corrected the Patch Assessment Service so it no longer stops running and does not send a message back to the GUI
    • Fixed Threat definitions that failed to sync if a single Distribution Server is offline
    • Resolved an issue where deployments fail because of a Detection Only patch
    • Fixed a problem that resulted in a scheduled scan on a Win 2K8R2 system creating an interactive console task
7.5.2733 (SKB16284)

Released 05/28/2010

    Bug Fixes

    • Fixed an issue where patch scanning is returning incorrect scan results due to probably network errors.  Patches are detected as missing when they are installed.
    • Resolved a problem with NetChk Agent log file activity that causes NetChk Agent UI to crash
    • Corrected an issue with NetChk Agent policies where creating a copy of a policy causes an Always Allow entry to go to the Never Allow entry
    • Fixed a problem with asset scans that resulted in Boolean variables always show as false
    • Resolved an issue where wrong service packs being displayed and deployed
    • Fixed SafeReboot so it no longer fails if executed on system where 1 or more users are connected via RDP
    • Corrected a problem where Software Deployments stays checked after unchecking under certain conditions, resulting in software being deployed unintentionally when clicking cancel

Released 05/04/2010

    Major New Features

    • Added Power Management Module
      • Create a licensable module to manage the power state of computers. By turning off computer at night and on weekends, businesses can save up to $60 per computer per year
      • Integrated Wake-on-LAN to the Power Management Module. Conflicts exist between a company’s desire for Greener IT and the need to deploy critical security updates. Shavlik’s Power Management Module is a seamless integration of powering computers off when not in use and waking them up for scheduled maintenance windows.
    • Added Hardware and Software Asset Inventory capability to the NetChk Agent. Asset information about Agent-managed machines are rolled up to the central console for management and reporting.
    • Added Software Asset Inventory collection on virtual machines that are powered off (offline). This allows NetChk Protect to create and maintain a current and accurate inventory of software assets on physical and virtual machines regardless of power state.

    Bug Fixes

    • Fixed issue related to download patches from Patch View (Firefox 1.0 and selecting all languages)
    • Added MS XML Hotfix in boot strapper to resolve Large scan crash
    • Corrected an issue with NetChk Agent download Patch or Threat Data using Ironport or Blue Coat proxies when set to download from Vendor over internet
    • Fixed issue of asset scanning of machine found in multiple nested machine groups
    • Fixed issue with saving existing custom XML file by clicking save icon (floppy disk)
    • Fixed database upgrade failure when you have duplicate Machine definition in machinelist table (one included and one excluded)
    • Fixed issue with Auto-email and reports being sent before deployment happens
    • Fixed Agents failure to install on domain controllers
    • Fixed failure in installation if http reservations exist for port 3121 and port 3122
    • Fixed issues with incorrect number of missing patches showing in machine view
    • Allow more than 32767 managed machines while viewing scan resultsFixed database upgrade issue once you manually set the Database (e.g. ShavlikScansTest) properties->Options->Numeric Round-Abort = true
    • Fixed timing issue to ensure patch scan results are available after scans complete
    • Added capability to deploy greater than 40 agents at one time with a 40+ character user name and password
    • Corrected a problem with deployments being removed when scans were being deleted
    • Fixed issue with deleting a Scan from Manage->Items
    • Fixed the Agent Check in fallback address
    • Fixed problem with logging and tracing once setting “all logging levels”
    • Fixed capability to scan nested groups where one group was deleted
    • Fixing error when logging off from computer using machine level credentials on Schedule scan
    • Fixed Asset scans when machine group includes machines via the "Link to file" external source option
    • Fixed ability to connect to Remote SQL DB using Windows Authentication
    • Corrected an issue that prevent automatic emails to be sent after scheduled scan completes
    • Enabled scheduled scans across domain without trusts
    • Solved thread issue when multiple scan threads access the same target at the same time
    • Fixed Machine type filtering under the advanced filtering for reports
    • Enhanced ability to download large number of patches
    • Fixed error when scheduling recursive scans
    • Enabled Shavlik Task Manager to handle bad XML from target
    • Updated .Net 3.5 download for pre-req installer for Machines not connected to the internet
    • Removed Spyware Signatures from Patch View
    • Fixed problem where rebooting a list of computers stopping after the first failure
    • Fixed resetting highlighted machines in scan results when grouping by specific column
    • Fixed incorrect scanning console name being reported when migrating existing database to a new console
    • Fixed foreign local issues where simple string comparisons would cause the application to fail
    • Fixed issue with entering a Shavlik Scheduler port number higher than 49000 Fixed errors in Patch Status summary report
    • Prevent installation of Agents on a FAT partition
    • Fixed issue of not being able to check the asset scan template under Tools
    • Fixed inconsistency reporting number of patches in the scan results
    • Ability for Manual Licensing to handle x64 bit machine
    • Fixed error when using advanced filters for Patches by Machines report
    • Fixed Unhandled exception when attempting to Remove E-Mail Address from Machine Group
    • Fixed problem with ability to perform scan with auto deployment from a non-English OS
    • Improved Importer Performance when 'Updating the database with the latest descriptions'
    • Fixed issue with deleting distribution server
    • Fixed issue with XML not updating for re-occurring scans
    • Fixing problem with setting up data rollup, when user tries to import 6.5 data rollup .drs file
    • Fixed close of Scheduled Tasks GUI when refreshing machines
    • Showing Custom Deployment Template in drop-down if it was created by another user when My Items only is disabled
    • Fixed problem with ability to schedule reoccurring scan
    • Fixed ability to delete filter from Patch Centric view
    • Enabled Organizational Units to be sorted alphabetically by name
    • Resolved E-mail address validation to ensure valid addresses are not blocked
    • Fixed parsing issue when settings stored in the sysInfo table using the bit data type
    • Fixed Scan Results importer to handle the apostrophe character correctly when inserting domain Rule's
    • Fixed setting default credentials in tools --> options
    • Fixed a regional settings issue that resulted in an unexpected error and need to close to recover when Customer clicks on scan results in Today’s Items
    • Reduced the time it takes to verify seat licenses
    • Fixed Machine Status Summary report graphic header
    • Fixed an issue with the agent UI failing to terminate when the user logs off
    • Fixed an issue with Agent not deploying on machines with IPv6
    • Resolved an issue of time out when running the SchemaInstaller.UI.exe on a large remote database
    • Corrected an issue of download failure when Patch downloads sources through DS or Custom Share in Tools/Options are looking for the wrong patch format
    • Eliminated duplicates in Top 10 Missing Patches Report on a Roll-up console
    • Fixed importer problem with the result importer does not download newer data files when it receives results of scans that used a newer XML
    • Fixed an Agent Import issue
    • Added the Sending Console ID to Threat Results Export
    • Resolved an issue with Machine View when refresh machine doesn't update middle pane
    • Fixed a problem when providing bad user name in Set Credentials dialog
    • Warn users that SQL 2000 is not supported when Protect database upgrade on SQL 2000
    • Corrected an issue when Windows Xp 64 bit is incorrectly reported as Windows Server 2003 on agent check-in
    • Fixed failure to import of software asset scan results with invalid product cultures
    • Corrected install failure if VMware VDDK 1.1 Installed
    • Fixed failure to import Scan Results if xml version is out of date
    • Fixed a problem of results files being marked as "Orphaned" by the importer even though they were successfully processed
    • Corrected failure to import scan results with a scan name
    • Fixed Office Deployment prompts for the wrong product, Excel 2000 instead of MS Office 2003
    • Fixed a problem with threat data always downloads from vendor, regardless of Tools > Options setting
    • Fixed a problem with download of Large Service Pack which hangs at 100% complete indefinitely and closes the app when clicking cancel

Released 02/24/2010

    Bug Fixes

    • Corrected an issue where scheduling a scan more than 32 days in the future resulted in the scans running immediately
    • Fixed an issue with application operations and Ironport or Blue Coat proxies
    • Resolved a problem with stSched that prevented scheduled deployments of patches to NT4 systems
    • Modified how results are imported into the NetChk console to significantly speed up importing results
    • Fixed the results importer so asset scan results are successfully imported into the NetChk console
    • Corrected recurring jobs to work properly with Microsoft scheduler 2.0
    • Prohibit Vista and later operating systems from using the Microsoft AT scheduler; use of the AT scheduler on these operating systems results in hundreds of scheduled jobs being generated as a result of pingback failures
    • Resolved an issue with the Microsoft scheduler 1.0 that resulted in an application crash when scheduling recurring scans
    • Fixed an issue where deployments using reboot dates more than a month out in the deployment template were not scheduled correctly
    • Deployments scheduled in the past will now run immediately rather than a month in the future
    • Corrected issues with silient.exe that prevented successful deployments without user intervention
    • Corrected an issue with the NetChk Protect 7.2 update 1 patch that deletes install location resulting in the application not remembering the previous installed location
    • Resolved an issue that prevented scheduled deployment jobs from being deleted

Released 12/01/2009

    Feature Enhancement

    • Enhanced Data File Download and Distribution Server Sync functionality. Specify never download data files (run disconnected), download newer files when the application launches, specify an interval for data file downloads and anchor that interval to a specific hour, or specify newer data files are downloaded on a specific day of the week and hour of the day.
    • Extended NetChk Agent policy version control to components modified outside of the Agent policy. If you modify a scan or deployment template, or patch group used by a template, it will be updated in the Agent policy on the next Agent check in.

    Bug Fixes

    • Resolved an issue that prevents NetChk Agents from checking in when the listener fails to initialize.
    • Corrected an issue where adding the same contact name to the address book caused the console to crash.
    • Fixed problems with regional settings that prevented results from being imported and reports from being generated properly.
    • Changed the installer to allow control of where the product is installed. Upgrades will be installed in the previously-defined location.
    • Resolved deployment seat count issue with the NetChk Agent.
    • Enabled the Agent to use recognize the Patch Group Text file.
    • Fixed the Agent so it would not crash when attempting to install more than 8,000 patches.
    • Corrected a problem so the scheduler could be successfully uninstalled.
    • Modified the Agent to initiate a reboot after deployment in all cases when the deployment template specifies a reboot.
    • Resolved an issue where deploying patches to a specific IP range when multiple IP ranges were scanned resulted in all missing patches in all IP ranges being deployed.
    • Added a variable to the STEnvironment configuration file to control how long to wait for scan results to be imported before automatically generating reports to be emailed. Default is 30 minutes (increased from 2 minutes).
    • Fixed an issue where creating a very large patch group (200+ patches) by doing a right-click select, crashed the application.
    • Eliminated a console crash when the system errors out with multiple failed patch downloads.
    • Corrected an issue that prevents removal of a specific patch from a patch group.
    • Changed the database query to support changing the Office path/credentials when multiple consoles are connected to the same database.
    • Resolved a Scan View issue that prevented deleting multiple selected patches.
    • Implemented a change support console installation on a Windows Server 2003 SP2 terminal server.
    • Fixed a timing issue that resulted in an error when selecting a large number of patches in the Scan Results view.
    • Corrected a problem that prevents the console UI from correctly updating during Agent installs.
    • Added use of a shared drive as the patch download center path.
    • Fixed an issue where the console was started minimized.
    • Resolved a problem that prevents patch deployments from Machine View.
    • Added ‘Friday’ as a selection in the scheduler. Removed duplicate ‘Saturday’.
    • Corrected issues when scheduling scans, deployments, or scans with auto deployments across month boundaries.
    • Eliminated a timing issue that resulted in inconsistent scan results numbers in Executive Summary.
    • Verified the pre-req installer handles detection and installation of MSXML 6.0 hot fix for all supported operating systems.
    • Changed the license scheme to eliminate need for console activation after moving the console with VMotion.
    • Modified database queries to prevent ‘Out of Memory’ exception when opening Machine View that includes Asset Scan information.
    • Increased the SQL command timeout to prevent an application crash when Deleting Scans from Managed Items in a large database.
    • Re-enabled support for console operations that do not require access to admin shares.
    • Corrected an issue that prevents threat data files from being downloaded in a proxy server environment.
    • Added the machine group used for scanning to asset scan results of virtual servers.
    • Fixed an issue that prevented obtaining a console certificate if the application was not installed in the default location.
    • Resolved a problem that resulted in an application crash when removing address box contacts from Managed Groups.
    • Eliminated a limitation of performing asset scans on no more than 64 machines.
    • Corrected an application crash when deploying patches when IE 5.5 SP2, IE 6 SP1 or IE 6 SP2 is contained in the deployment.
    • Fixed an issue where Agent deployments would fail if the machine had been previously scanned by IP address.
    • Modified the product so data roll up ignores deleted machines.
    • Resolved multiple Agent updater executable issues that prevent successful updates during data drops.
    • Corrected an issue that resulted in a console crash when attempting to download language-specific patches and the patch does not exist in that language.
    • Fixed an issue where a distribution server with null credentials failed to upgrade.
    • Added support for automatic email of reports upon completion of a scheduled asset scan.
    • Fixed an unhandled exception when testing proxy credentials in a disconnected environment.
    • Resolved an issue where run disconnected mode was not being remembered.
    • Added support for assets scans of a machine group defined by a linked text file.
    • Corrected an issue parsing asset scan results from non-English languages.
    • Fixed scan results reporting of Windows Server 2008 R2 as an ‘unknown OS’.
    • Added Last Threat Scan Date and Last Threat Definition File information to machine view.

Released 10/06/2009

    Major New Features

    • Asset Management: Shavlik’s Asset Management leverages the company’s innovative Agentless approach to thoroughly and dynamically discover and catalog IT assets.
    • Software Assets
    • Hardware Assets
    • Virtual Machine Assets
    • Enhanced Integration with Virtual Infrastructure: Significant enhancement over previous handling of virtual machines within NetChk Protect. Now there is a tight coupling of NetChk Protect with virtual infrastructure including vSphere, VI, ESX, or ESXi.

    Bug Fixes

    • Resolved an error that prevented scheduling recurring scans on Fridays
    • Corrected issue where threat results repeatedly sent to the rollup console at every rollup interval
    • Added MSXML hotfix (KB960064) to the boot strapper to address a memory consumption issue that resulted in hangs while scanning large numbers of machines
    • Fixed Importer failure to import agent patch deployment result files that contain no patches
    • Database Installer Fails when an existing SQL Login is specified for Services Connectivity that is not already mapped to a Database User
    • Fixed Prereq installer to NOT install c++ runtime
    • NetChk Patch Service Fails to start before the maximum OS service start timeout
    • Fixed access denied error on Console if doing a scan while the service is importing newer XML
    • Resolved Scan view crash during a large service pack download
    • Corrected issue where earlier versions of HFCLI cannot scan target after a 7.0 deployment
    • Added charts missing after performing first scan
    • Corrected issue in DB Updater that caused Distribution screen to error on upgrade
    • Addressed the incorrect default value of the data rollup port
    • Fixed an issue where remote database installs and upgrades fail on Windows Server 2003 when connected via Terminal Service
    • Resolved problem with the right-click context menu in scan view to filter by the selection (it was defaulting to selecting all machines in the scan as in context)
    • Corrected an application crash when opening the Distribution Server manager
    • Added input validation for content entered in the Tools->options->Proxy user dialog box as invalid content resulted in an application crash
    • Fixed an issue that prevent deploying patches from machine view to machines found during dynamic ESX server scan
    • Resolved a console crash when deleting a contact from the address book
    • Corrected an application crash from a null string when downloading less common non-English language patches
    • Fixed an issue where editing Distribution Servers failed repeatedly
    • Removed limit of 64 as the maximum number of asset scans

Released 08/11/2009

    Bug Fixes:

    • Fixed a bug where entering a duplicate email address in the address book would cause the console to crash
    • Fixed a bug where viewing scan results or selecting machines in the scan view might cause the application to crash
    • Fixed a bug where downloading large files (such as Service Packs) would fail on XP and WS03 consoles due to an issue with checking digital signatures on large files
    • Fixed a bug where agent scan results and/or child console rollup results would not appear in the main console if the agents or downlevel consoles were running with a newer version of hfnetchk6b.xml
    • Fixed a bug where agents failed to check-in with the console if the agent policy was configured to use 'Distribution Server - by Agent IP range' and that policy did not include a reference to a backup Distribution Server
    • Fixed a bug where version 7 claimed that all license seats were in use and could prevent installation of patches and/or functionality of agents.
    • Fixed a bug where agents were not able to be deployed on some Domain Controllers
    • Removed the need for WMI to be running on systems where the agent was being deployed
    • Fixed a bug where the agent UI would not function if the agent policy was configured to use 'Distribution Server - by Agent IP range'
    • Fixed a bug where the Shavlik services may fail to start
    • Fixed a bug where version 7 may fail to install if the console was not connected to the Internet or was running behind an authenticating proxy server (installer issue - fixed in the new installation bundle only)
    • Fixed several bugs where the database migration process failed when upgrading from version 6.x to version 7 (installer issue - fixed in the new installation bundle only)
    • Fixed a bug that prevented installing version 7 if a prior installation of version 7 had failed (installer issue - fixed in the new installation bundle only)

Released 06/30/2009

    Major New Features:

    • AV
      • Added antivirus / threat management engine to the NetChk Agent
      • Added on-access and on-execution Active Protection capabilities to the NetChk Agent
    • Shavlik NetChk Console
      • Refreshed and redesigned the main page with new charts and new items. New charts provide immediate view into the latest status of machines on the network. New items include 'How do I...' links to the Help File making it easier to get the most value out of NetChk Protect.
      • Multi-tasking GUI. Launch multiple scans, review results, initiate deployments - all at the same time.
      • Shavlik NetChk console can be installed on Vista systems
      • Enhanced the machine group interface. Machines can be sorted and grouped by a variety of attributes.
      • Enhanced the patch group interface. Patches can be sorted and grouped by a variety of attributes.
      • Enhanced the left navigator to use Outlook-style display
      • Enhanced patch download window. Patch download status is displayed for each patch being downloaded.
      • Enhanced the patch deployment test function. The test function follows the same code path as real deployments.
      • Added bulletin release date, bulletin title, and patch type columns to the patch group window
      • Added group name to patch scan results in the left navigator
      • Added ability to perform automated data file downloads every X hours
      • Distribution Servers can be synced every X hours
      • Enhanced the console functions to operate more efficiently\quicker when reading from large databases
      • Added ability to add machines to existing machine groups via right click menu option
      • Added ability to add patches to existing patch groups via right click menu option
      • Enhanced the Machine View - added smart filters, search capabilities, and sorting\filtering\grouping functions.
      • Added a column to the Machine View to display the last agent checkin date
      • Added Microsoft Exploitability Index values to patch data in the Patch View
      • Consolidated ports - the data rollup function uses same port number as NetChk Agents
      • Enhanced E-Mail selection window
      • Added ability to delete old machines from the machine view (as long as they're not currently occupying a deployment or agent license)
      • Improved speed and responsiveness -- the patch scan engine is 3x to 5x faster
    • Shavlik Agent Infrastructure
      • NetChk Agents do not require distribution servers. Data and engine files can be downloaded directly from the Internet.
      • NetChk Agent installations use an MSI file
      • NetChk Agent can be installed on Vista systems
      • NetChk Agent can be installed on the NetChk console
      • Enhanced the NetChk Agent scheduling capabilities. NetChk Agents now have the same flexible scheduling available in Agentless operations.
      • Multiple patch and threat tasks can be assigned to one policy
      • Enhanced the agent policy manager (multi-select)
      • NetChk Agent can be configured with a 'listening' port to receive agent policy updates and instructions instantly
      • Agent patch policies can leverage existing agentless scan templates
      • Agent patch policies can leverage existing patch groups. The 'approved patches' list has been replaced by selection of one of three options: deploy all missing, deploy from patch group, deploy all vendor Critical patches (or deploy patch group PLUS all vendor critical patches)
      • Agent patch policies can be configured to always scan for (and deploy) vendor Critical patches, eliminating the need to define and maintain patch groups
      • Agents checkin with the console for updated policies, rather than the distribution server
      • Enhanced the NetChk Agent client user interface
      • Added option to perform agent tasks X minutes after system start if previously scheduled start time was missed
      • Added ability for non-administrator users to launch patch and threat scans and perform remediations from the agent GUI (if configured to allow users to do this)

    Other New Features, Enhancements, and Bug Fixes:

      • Fixed a bug where the patch scan engine might fail when doing aqentless scans of thousands of systems
      • Fixed a bug where canceling scans or deployments against offline VM images might not work properly
      • Fixed errors encountered when scanning offline VM images that are part of nested machine groups
      • Fixed a patch deployment bug where SystemRoot could not be identified on some systems
      • Fixed a bug where the Deployment Status Report would include data on all patches even though the report is set to filter on specific criticalities
      • Fixed a bug where Report Only users were able to delete scan and deployment results
      • Fixed a bug where the console display would not refresh properly after canceling a patch download
      • Updated NetChk Agent (patch) to correctly deploy certain SQL Server patches
      • Fixed a bug where deleting machine group credentials removed Domain credentials after the scan completed
      • Fixed a bug where custom patch features failed to execute on agent-managed machines
      • Fixed a bug where custom patch features failed to work as expected with R2 systems
      • Enhanced the console to provide better results for agents when agents perform multiple scans per day
      • Fixed a bug where Office media path credentials may not have been saved in the deployment template
      • Fixed a bug where deployments from a Windows Server 2008 console failed to execute on NT4 systems
      • Fixed a bug that prevented the use of a Distribution Server on a remote system where that location was the specified console download location
      • Fixed a bug where automated e-mails failed to operate for offline virtual machine images
      • Fixed a bug with NetChk Tracker where patch rescans were initiated before the target system was read to be rescanned
      • Enhanced NetChk Tracker with additional status messages to indicate that machine was restarted and was awaiting rescan
      • Enhanced the patch download status window to display download status for each patch
      • Enhanced the NetChk Agent so it can checkin with the console by using its IP address rather than hostname (Agent must be installed manually and console's IP address should be specified during installation)
      • Fixed a bug where canceling an agentless patch scan wouldn't cancel immediately
      • Modified the NetChk Console to only allow one running instance of the application
      • Fixed a bug where the 'Machines not Scanned' report would not allow filtering on individual scans
      • Fixed a bug in the NetChk Agent deployment process where the Agent icon wouldn't appear in the system tray when first installed
      • Fixed a bug where scheduling a deployment across a month boundary would fail if using the Microsoft scheduler
      • Fixed a bug where patches that had been uninstalled were not able to be installed again using the NetChk Agent
      • Fixed a bug where SafeReboot was not always executing on Windows 2000 systems
      • Fixed a bug where the Machine Inventory and Top Ten Missing Patches reports were not automatically sent out (as configured) at the end of a patch scan
      • Fixed a bug where patches with .msp extension were not not always being installed on Agent-managed systems
      • Fixed a bug where scheduled scans were using incorrect time and date when console was set to Danish regional settings
      • Fixed a bug where custom patches marked as 64 bit were looking into the 32 bit registry
      • Fixed a bug where SQL Server Service Packs could not be installed from the Summary by Patch screen
      • Fixed a bug where offline VM image scans did not return the target system's workgroup name
      • Fixed a bug where filtering by comment did not work in the advanced filtering report options
      • Fixed a bug where canceling a scan of offline VM images may leave some images mounted

What's New

The Communicator’s Corner: Add to Your Holiday Cheer with ITScripts
Earlier this month, Anne Steiner wrote a short series of blog articles call...

December Patch Day Round-Up
Although it was not as large as the November Patch Tuesday, December’...

Shavlik in the news- December Patch Tuesday
Compared to last month’s Patch Tuesday (the biggest this year) this month’s...