Ease of use |
NetChk Protect can be installed and used to deploy missing patches within minutes; not days, weeks, or months. |
Real-time patch validation |
NetChk Protect utilizes XML data files that are updated the moment a security patch is released. |
Agentless and agent-based operation |
Provides the ability to manage machines directly from a console and to manage hard to reach machines (such as roaming laptops) using agents. |
Background (non-modal) tasking |
Enables multiple tasks to run at the same time. Simultaneously perform patch and asset scans, download files, deploy patches, perform power management tasks, install agents, and keep on working. |
Patch supersedence |
Only those patches that are necessary and applicable to the scanned platform are evaluated during the scan process. Unnecessary and superseded patches are not presented. |
Dynamic product detection (DPD) |
Provides the ability to support additional non-Microsoft products simply by updating the necessary XML files. |
Virtual machine support |
Operates exactly the same on both physical machines and on virtual machines that are online. Can perform patch assessment of offline virtual machines without powering them on. Missing patches are copied into the virtual image so when the offline image is powered on it immediately patches itself. |
Technology endorsed by Microsoft |
NetChk Protect is built upon the same engine that powers the Microsoft Baseline Security Analyzer and the SMS Feature Pack and is driven by the same database schema used by the Microsoft Security Bulletin Web site. Shavlik Technologies is also the vendor recommended by Microsoft Corporation for customers with legacy Microsoft products no longer supported by MBSA 2.x (http://technet.microsoft.com/en-us/security/cc184924.aspx) |
Detailed Patch Analysis and Validation |
File versions and registry keys are evaluated to aid in determining patch status. Solutions that rely solely on registry keys and/or minimum file versions are unable to differentiate between legitimate files and trojaned files, including patches that have been re-released by Microsoft. |
External validation data |
File data used to perform patch validation tests are obtained from a signed source independent of the machine being scanned. Patch validation that is performed using file version data stored in the remote machine's registry cannot be relied upon to provide valid results. |
Data file anti-spoofing protection |
The XML patch data file is parsed only if obtained from a valid, specifically signed CAB file or SSL location. |
Trojan protection |
All files are digitally validated prior to patch deployment.
|