Shavlik hits a patch management high note with its robust NetChk Protect. When we launched this Rolling Review we cited automation of the patch process, strong change control and the ability to use bandwidth wisely as key decision points, and NetChk delivers well. The scheduler can handle both discovery and deployment of patches as well as continually scan systems for patch compliance, and we could stage a master version of Office. We were also kept well-informed thanks to its ability to generate Microsoft Baseline Security Analyzer-formatted output for scan results. By adding Shavlik's Distribution Server option, IT can control when patches are distributed to target machines. However, companies with Unix or Linux boxes will need to supplement NetChk.
Shavlik includes a patch repository that is checked prior to all scans, enabling NetChk to keep current with the most recent patches. The repository automatically updates Microsoft security- and non-security-related patches within 24 hours of release. Repository connections and the validity of patches applied by NetChk are verified by digital signatures, and communications between host and client machines use secure protocols. Patching of our test VMs was seamless.
Other features time-strapped IT groups will appreciate include the ability to set up automated e-mails of scan or deployment results, a choice between agent-less or agent-facilitated patch deployment, transparent support of virtualized systems, and spyware discovery and remediation. These are small features, but they show a level of maturity and over time will make a difference for organizations that must automate as much of the patch process as possible, yet still want to feel confident with results.
For those who must keep detailed security records, we found reporting both comprehensive and flexible. Reports are generated from scanning and patch deployment results and could be arranged and grouped in multiple ways. We used some of the default reports after our scan to gauge the success of patch distribution by severity and the rate of scan successes. Reports are easily exported into a variety of formats, including PDF, HTML, CSV, and RTF.