Channel: Shavlik User Community : Document List - All Communities

How To: Use Machine Group Search to find machines and their associated Machine Groups in Patch for Windows Servers 9.3


Purpose

 

The purpose of this document is to show how to use the Machine Group search feature to find which machine groups a machine is associated with.

 

Description

 

  • To search through machine groups for a specific machine, start by right-clicking any machine group name in the left navigation pane. Click on 'Search Machine Groups'.

 

 

  • In the Search Machine Groups window, you can type in the machine name that you're looking for. The search will automatically display the results of the search.

 

 

  • You can highlight one or more line items to enable additional options, such as removing the machine from the group, including or excluding it from the group, or editing the source machine group.

 

Additional Information

 

How To: Organize Machine Groups and Templates into Folders and Sub-Folders in IPWS 9.3

 

Affected Product(s)

 

Patch for Windows Servers 9.3


Publishing Fails With Failed to sign Package: error was: 2147942403


Symptoms

 

Unable to publish updates.

 

The following entry can be found in AutoPublish.log:

 

Error Publishing 'Adobe Flash Player 22.0.0.210 Internet Explorer' : Failed to sign package; error was: 2147942403

 

When running the Configuration Checker under Shavlik Patch settings, you get the error below:

 

 

Cause

 

 

Resolution

 

You can verify where WSUS believes the folders are by running this at a CMD prompt on the Shavlik Patch server:

 

net share

 

This will show the location of the WsusContent and UpdateServicesPackages shares.

You will need to use this command to point WSUS to the correct location of:

 

  • \WSUS\WsusContent
  • \WSUS\UpdateServicesPackages

 

WSUSUtil.exe movecontent <content path> <log path>

 

To use this command without actually copying your content over, use the following command:
wsusutil.exe movecontent contentpath logfile [-skipcopy]
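
A quick check to run before movecontent, added here as an example and not part of the original article: error 2147942403 is HRESULT 0x80070003, whose low word is Win32 error 3 (path not found), so the script decodes it and confirms that each share's local path exists. The share names come from the list above; Get-SmbShare assumes Windows Server 2012 or later.

```powershell
# Added example: decode the publishing error and confirm the WSUS share paths exist.
$hresult = 2147942403
$win32   = [int]($hresult -band 0xFFFF)    # low 16 bits carry the Win32 error code
$message = (New-Object System.ComponentModel.Win32Exception -ArgumentList $win32).Message
'Error {0} = 0x{0:X8}, Win32 error {1}: {2}' -f $hresult, $win32, $message

foreach ($name in 'WsusContent', 'UpdateServicesPackages') {
    $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
    if (-not $share) {
        Write-Warning "Share '$name' is not defined on this server."
        continue
    }
    # A share that points at a folder which no longer exists matches the
    # "path not found" failure when the package is signed and written.
    [pscustomobject]@{
        Share      = $share.Name
        LocalPath  = $share.Path
        PathExists = Test-Path -LiteralPath $share.Path
    }
}
```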

 

More information:  WSUSUtil.exe

 

Affected Product(s)

 

Shavlik Patch Plugin 2.x

Update to patching Citrix Receiver


Overview

 

We are changing how we handle patching for Citrix Receiver to better match up with Citrix's lifecycle process. The changes we are making are:

 

Versions less than 4.9: Systems running versions of Citrix Receiver prior to version 4.9 will be detected as before, and the newest patch offered will update the software to version 4.9, which is the Long Term Service Release (LTSR) of Citrix Receiver.

 

Version 4.9: As this is the LTSR release, it will have any Cumulative Updates marked as applicable for it, but it will not have the update to version 4.10 marked as applicable. If you want to upgrade from 4.9 to 4.10, 4.10 will be available as a Software Distribution in a separate branch, similar to how major version updates of Java Runtime Environment are currently handled.

 

Version 4.10: As this is the current release, and the start of a new branch, it will have updates marked as applicable as they are released up to the point of the next LTSR release of Citrix Receiver. At this point a new branch will be created, with versions between 4.10 and the next LTSR being offered updates to the LTSR version.

 

Additional Information

 

 

Affected Product(s)

 

Shavlik Protect 9.2.x

Protect SDK 9.2.x

Ivanti Patch for Windows Servers 9.3.x

Unable to Scan Machines - Error 201 despite meeting common prerequisites


Symptoms

 

When attempting to perform a scan, you may receive the error "Error code 201: Network connection error. Verify that you can logon to the specified machine" even though the most common prerequisites have been met, e.g.

 

  • DNS resolution: nslookup machinename resolves correct IP
  • Admin share access: net use \\machinename\IPC$ succeeds
  • Remote registry connection: Able to connect to the machine from Regedit by going to File > Connect Network Registry...
  • Windows Firewall is not configured.
  • Have admin access to VM's, can map to VM's remotely C$ & IPC$.

 

Troubleshooting

 

On the target machine, the "Operational" log located under Applications and Services Logs/Microsoft/Windows/NTLM records the warnings "NTLM server blocked: Incoming NTLM traffic to servers that is blocked" and "NTLM authentication requests to this server have been blocked."

 

Cause

 

NTLM Traffic is blocked on the target machine. Local Group Policy "Network Security: Restrict NTLM: Incoming NTLM Traffic" is configured as "Deny all domain accounts" or "Deny all accounts".

 

Resolution

 

Set "Network Security: Restrict NTLM: Incoming NTLM Traffic" to "Allow all".
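
To confirm this cause on the target machine before changing the policy, the following added example (not part of the original article) reads the effective setting and lists recent blocked-NTLM warnings. It assumes the policy is stored in the RestrictReceivingNTLMTraffic value under the Lsa\MSV1_0 key and that the session is elevated; the message filter uses the warning text quoted above.

```powershell
# Added example: run on the target machine in an elevated PowerShell session.
$lsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$settings = @{ 0 = 'Allow all'; 1 = 'Deny all domain accounts'; 2 = 'Deny all accounts' }

# Effective value of "Network Security: Restrict NTLM: Incoming NTLM Traffic".
$prop = Get-ItemProperty -Path $lsaKey -Name RestrictReceivingNTLMTraffic -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    'Incoming NTLM policy: not configured (no restriction value present)'
} else {
    $value = [int]$prop.RestrictReceivingNTLMTraffic
    $label = if ($settings.ContainsKey($value)) { $settings[$value] } else { 'unknown value' }
    'Incoming NTLM policy: {0} ({1})' -f $value, $label
}

# Warnings from the NTLM Operational log in the last 24 hours (Level 3 = Warning).
$filter = @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Level     = 3
    StartTime = (Get-Date).AddDays(-1)
}
$blocked = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*NTLM server blocked*' }

if ($blocked) {
    # Each event names the calling workstation and account, which shows
    # whether the scan console is the source being refused.
    $blocked | Select-Object -First 10 TimeCreated, Id, Message | Format-List
} else {
    'No blocked incoming NTLM events recorded in the last 24 hours.'
}
```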

 

Affected Products

 

Shavlik Protect 9.2.x

Ivanti Patch for Windows Servers 9.3.x

Ivanti Patch for SCCM (Formerly Shavlik Patch for SCCM) Documentation


***PLEASE NOTE THIS PAGE IS NO LONGER BEING MAINTAINED.***

Please go to the following URL for the latest builds.

https://go.ivanti.com/Web-Download-Patch-SCCM.html

 

OLD INFO:

Microsoft System Center Configuration Manager 2012

 

Download

Download the installation file for Shavlik Patch for System Center to install this add-on into SCCM 2012. The install file includes the Shavlik Patch plug-in console for SCCM. You must have a functional copy of SCCM 2012 to run the install successfully.

 

You can download the installer here Product Download.

 

Training Videos

Ivanti Patch for SCCM Product Training (Formerly Shavlik Patch for SCCM)

 

Documentation

You can find documentation such as the product User Guide and Release Notes under Patch for SCCM here Product Documentation.

 

Version History

You can find the version history for this release here Version History.

 

Additional Information

A license key is required to activate Shavlik Patch 2.3 or later. Existing customers who are upgrading from Shavlik Patch 2.2 should automatically receive a license key in an email message from Shavlik. If you don’t have a license key, contact your Shavlik representative or visit: www.shavlik.com/company/contact.

 

 

Microsoft System Center Configuration Manager 2007

 

Shavlik Patch for Microsoft System Center Configuration Manager 2007 has limited functionality and requires Microsoft System Updates Publisher (SCUP) to import the Shavlik patch catalog. In this download, you will only get the CAB file needed to import into SCUP. Please see Ivanti Patch for SCCM Product Training (Formerly Shavlik Patch for SCCM) under the Shavlik Patch for Microsoft System Center Configuration Manager 2007 section for training regarding this product.

 

You must have a valid protectcloud.shavlik.com account in order to use SCUP.

Deployment Error - "File Download Failed"


Purpose

 

To troubleshoot the cause of the deployment error "File download failed"

 

Symptoms

 

When deploying a patch, the deployment fails with the Patch progress state of "File download failed"

 

 

Cause

 

This error occurs when the console attempts to download the necessary patch, but is unable to do so.  Some of the most common reasons you might see this include:

  • The console is offline, not connected to the internet.
  • The console is blocked from accessing the patch vendor's site (proxy, firewall, etc.)
  • The console is set to download patches from a distribution server, but the patch in question is not there (possibly not yet synced from a main console, etc.)

 

You can get more information about the failure in C:\ProgramData\LANDESK\Shavlik Protect\Logs\ST.Protect.managed.<username>@<domain>.log.  Look for an entry that states "Download Error" like this example:

2017-12-29T22:12:09.2522976Z 0006 W SingleFileDownload.cs:554|Download Error 'file://<DistributionServerPath>/windows8.1-kb4051956-x64.msu': System.Net.WebException: Could not find file '\\<DistributionServerPath>\windows8.1-kb4051956-x64.msu'. ---> System.Net.WebException: Could not find file '\\<DistributionServerPath>\windows8.1-kb4051956-x64.msu'. ---> System.IO.FileNotFoundException: Could not find file '\\<DistributionServerPath>\windows8.1-kb4051956-x64.msu'.
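
The log search described above, as an added example that is not part of the original article: it extracts every "Download Error" entry and labels it as a distribution-server or vendor download, which maps to the two resolution paths below. The regular expression is derived from the single sample line shown here, so the field layout is an assumption; the embedded sample is that same line and is used only when no log files are found.

```powershell
# Added example: list "Download Error" entries from the console log and classify the source.
$logDir  = 'C:\ProgramData\LANDESK\Shavlik Protect\Logs'
$pattern = "^(?<time>\S+)\s+\d+\s+\w\s+(?<src>[^|]+)\|Download Error '(?<url>[^']+)':\s*(?<reason>.*?)(?:\s+--->|$)"

# Sample entry copied from the article (placeholder path left as-is).
$sample = @'
2017-12-29T22:12:09.2522976Z 0006 W SingleFileDownload.cs:554|Download Error 'file://<DistributionServerPath>/windows8.1-kb4051956-x64.msu': System.Net.WebException: Could not find file '\\<DistributionServerPath>\windows8.1-kb4051956-x64.msu'. ---> System.Net.WebException: Could not find file '\\<DistributionServerPath>\windows8.1-kb4051956-x64.msu'.
'@

function Get-DownloadError {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        if ($Line -match $pattern) {
            $url = $Matches['url']
            # file:// and UNC targets come from a distribution server;
            # anything else is a direct download from the vendor.
            $origin = if ($url -like 'file://*' -or $url -like '\\*') {
                'Distribution server'
            } else {
                'Vendor download'
            }
            [pscustomobject]@{
                Time   = $Matches['time']
                Origin = $origin
                Url    = $url
                Reason = $Matches['reason']   # first exception only, inner repeats dropped
            }
        }
    }
}

$logs = Get-ChildItem -Path $logDir -Filter 'ST.Protect.managed.*.log' -ErrorAction SilentlyContinue
$errors = if ($logs) { $logs | Get-Content | Get-DownloadError } else { $sample | Get-DownloadError }
$errors | Sort-Object Time | Format-List
```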

 

Resolution

 

If the patch is supposed to be downloaded from the vendor, copy the download address from the error and enter it into a browser to shed more light on what's blocking access, then resolve whatever that block is.

 

If using a distribution server, make sure the patch is synced from its source so the console can access it.

 

If you are unable to make the download available using either of the methods described above, you can manually place the patch in the console's patch download location following the steps outlined in this doc:

How To: Supply and Deploy Patches That Can No Longer Be Downloaded

 

If you need any assistance determining what the block is or how to resolve it, please open a support case.

 

Affected Product(s)

 

Shavlik Protect 9.x

Ivanti Patch for Windows Servers 9.3+

Important information on detection logic for the Intel 'Meltdown' security vulnerability


Overview

 

Microsoft has identified a severe compatibility issue with a small number of anti-virus software products.

We highly suggest all customers review these issues here:  https://support.microsoft.com/en-us/help/4072699

Due to possible BSOD issues that may occur when installing this update on systems with out-of-date AV software, we will be adding a detection prerequisite:

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"

Value="cadca5fe-87d3-4b96-b7fb-a231484277cc"

Type="REG_DWORD"

 

  • The patches will be offered for deployment if the key exists.
  • If the key does not exist, you will be offered the detection-only version of this patch.

 

Affected patches:

 

  • MS18-01-IE Q4056568
  • MS18-01-SO7 Q4056897
  • MS18-01-SO8 Q4056899
  • MS18-01-SO81 Q4056898
  • MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893

 

Affected CVEs:

 

  • CVE-2017-5753
  • CVE-2017-5715
  • CVE-2017-5754

 

Link to Security bulletin advisory:  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

 

Affected Products

 

Ivanti Patch for Windows Servers 9.3.x

Shavlik Protect 9.2.x

Support for the Intel 'Meltdown' security vulnerability KB4058702


Purpose

 

To provide information regarding KB4058702, an out-of-band release from Microsoft to address critical security vulnerabilities

 

Information

 

Microsoft released KB4058702 late the night of 1/3/18 (out of band) to address an Intel CPU firmware vulnerability.  The patches released will be added to our patch definition XML update to be released later today, 1/4/18.

 

List of patches from Microsoft:

https://www.catalog.update.microsoft.com/Search.aspx?q=2018-01

 

Additional Information

 

 

Affected Product(s)

 

Shavlik Protect 9.2.x

Ivanti Patch for Windows Server 9.3.x


How To: Use a Custom Action to add required registry key for deploying Windows Security OOB updates release January 3, 2018


Purpose

 

As of January 3rd 2018, Microsoft is now requiring a registry key to be added to machines for addressing compatibility issues with a small number of anti-virus software products.

More information on this can be found here: Important information on detection logic for the Intel 'Meltdown' security vulnerability

 

Description

Adding this registry key on machines that have out-of-date AV could cause BSODs. Please use this custom action at your own risk.

See Microsoft link for further details: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

1.  Download and extract the attached zip below or here to get the batch file used for adding the registry key.

 

2.  Create a new Patch Scan Template that scans for only Custom Actions. (This will allow you to run it against machines with no missing patches.)

 

 

 

3.  Create a new Deployment Template.

 

 

4.  Name the template. Ex: Intel Meltdown Registry Key

 

 

4.  Click on Post-deploy Reboot. Change the reboot option to 'Never reboot after deployment'.

 

 

5. Click on Custom Actions. Click 'New'. A prompt to save the template will be presented. Click 'Save'.

 

 

6. The first action will push the batch file. Ensure that step 3 states 'Push File', and then select the batch file from the local machine. Click 'Save' when completed.

 

 

7. Click 'New' once more. Change Step 3 to 'After All Patches' and use the following command in Step 4: Call %pathtofixes%addregkey.bat

 

 

8. Click 'Save' twice to finish creating the Deployment Template.

 

9. Use the new Scan Template to scan your target machines.

 

 

10. Once the scan is completed, click 'View Results'

 

 

11. The results will offer our nullpatch.exe for deployment. Proceed by right-clicking the patch and clicking 'Deploy all missing patches'.

 

 

12. Select the new Deployment Template created earlier. Click 'Deploy' to start the deployment.

 

 

13. Open regedit to validate the registry key was added.
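
For validating more than a handful of machines, the following added example (not part of the original article or its attached batch file) checks for the QualityCompat value described in the detection logic article and reports its type. The function name is hypothetical, and it assumes the Remote Registry service is reachable on each target, which the product's scans already require.

```powershell
# Added example: verify the QualityCompat value locally or on remote machines.
function Test-QualityCompatKey {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    $subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
    $value  = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

    foreach ($computer in $ComputerName) {
        $hklm = $null
        $key  = $null
        $result = [pscustomobject]@{
            Computer = $computer
            Present  = $false
            Type     = $null
            Data     = $null
            Note     = ''
        }
        try {
            $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $computer)
            $key  = $hklm.OpenSubKey($subKey)
            if ($key -and ($key.GetValueNames() -contains $value)) {
                $result.Present = $true
                $result.Type    = $key.GetValueKind($value)
                $result.Data    = $key.GetValue($value)
                if ($result.Type -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                    $result.Note = 'value exists but is not REG_DWORD'
                }
            } else {
                # Without the value, scans offer the detection-only version of the patches.
                $result.Note = 'value missing: detection-only'
            }
        } catch {
            $result.Note = "registry not reachable: $($_.Exception.Message)"
        } finally {
            if ($key)  { $key.Close() }
            if ($hklm) { $hklm.Close() }
        }
        $result
    }
}

# Local machine by default; pass names to check the machines that were deployed to.
Test-QualityCompatKey | Format-Table -AutoSize
```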

 

 

Additional Information

 

How To: Perform a Custom Action Complete Tutorial with Custom Actions

 

Affected Product(s)

 

Shavlik Protect 9.2

Ivanti Patch for Windows Servers 9.3

How To: Deploy Windows Security OOB updates released January 3, 2018


Purpose

 

The purpose of this document is to discuss the behaviors when deploying the Windows Security out-of-band updates that were released on January 3, 2018.

The following document contains information on the changes to detection for the applicable patches: Important information on detection logic for the Intel 'Meltdown' security vulnerability

 

Description

 

Microsoft is requiring a registry key to be on every machine that has no Anti-Virus or outdated Anti-Virus. The following Windows Security OOB updates released January 3, 2018 are affected by this:

 

  • MS18-01-IE Q4056568
  • MS18-01-SO7 Q4056897
  • MS18-01-SO8 Q4056899
  • MS18-01-SO81 Q4056898
  • MS18-01-W10 Q4056888, Q4056890, Q4056891, Q4056892, Q4056893

 

Below is the expected behavior when scanning for and deploying these patches without and with the registry key in place.

See Additional Information for help creating the registry key using a custom action.

This is what to expect for scan and deployments when the registry key does not exist on the target machine:

 

When scanning machines without the registry key in place, you will be offered detection of the updates, but will not be able to download or deploy the update. This will be noted in the Ivanti Comments section for the patch:

 

 

Detection only support means the following:

 

The patch is not downloadable. If you try to download the patch, a message is displayed stating 'None of the selected patches need to be downloaded'.

 

This patch cannot be deployed. This is what the Deployment Tracker will look like during the attempt. The download patches will not turn green, as the patch cannot be downloaded and deployed until the registry key is detected.

 

 

This is what to expect for scan and deployments when the registry key exists on the target machine:

 

When scanning a machine that has the required registry key in place, the patches will be offered with full deployment support. This means the patch is now able to be downloaded from Microsoft and to be deployed to the endpoints.

 

 

The patch will now be downloaded and then packaged as normal.

 

 

The patch will now be scheduled and then start the deployment execution process.

 

 

 

Additional Information

 

How To: Use Custom Action To Add Required Registry Key For Deploying Microsoft Patches as of January 3rd, 2018

 

Affected Product(s)

 

Shavlik Protect 9.2

Ivanti Patch for Windows Servers 9.3

Snapshot Maintenance in Ivanti Patch for Windows Servers 9.3


Purpose

 

This document will discuss the different methods of snapshot maintenance in Ivanti Patch for Windows Server 9.3. Snapshot Maintenance applies only if you have virtual machines in your network that are hosted on one or more VM servers.

 

Overview

 

Scheduled Snapshot Maintenance through the Console Task Scheduler

 

This allows you to configure a one-time or recurring task that will remove old virtual machine snapshots from the server. It will also require you to have a proper scheduler credential set in Manage > Scheduled Console Tasks as is mentioned here Manual scans work, scheduled scans fail: Scheduler Credential

 

1. Go to Tools > Options > Snapshot Maintenance.

 


 

2. When you click Add or Edit, the Scheduled Snapshot Maintenance dialog is displayed. This dialog is used to configure the snapshot maintenance task.

 

 

Snapshot Maintenance through your deployment template

 

1. Go to your deployment template and navigate to the Hosted VMs/Templates tab.

 

2. Select the number of days that you would like to keep snapshots, or the maximum number of snapshots that Ivanti Patch for Windows Servers will keep, and save your deployment template.

 

 

3. Use this deployment template in your next deployment to your hosted virtual machines.

 

Ivanti Patch for Windows Servers will now delete snapshots according to the rules set in step 2 during the next deployment. Unlike the first method of Snapshot Maintenance, this method does not run on a schedule and will not execute the rules set above until the next deployment. During the next deployment Ivanti Patch for Windows Servers will check the rules and delete snapshots accordingly if they meet the qualifications to be deleted.

 

For instance, if you have specified that snapshots should be deleted after two days, then during each deployment Ivanti Patch for Windows Servers will check whether any snapshots are two or more days old.

 

You can automate this process using How To: Setup Automatic Removal of Vmware Snapshots in Protect 9.2 .

 

Affected Product(s)

 

Ivanti Patch for Windows Servers 9.3

URL Exception List For Shavlik Patch For Microsoft System Center (01-09-2018)


Purpose

 

This article provides a list of web addresses that may be required to download content or patches when using Shavlik Patch for Microsoft System Center.

 

Description

 

Ensure that these web addresses required by Shavlik Patch are accessible and allowed through firewalls, proxies, or web filters.

 


 

Additional Information

 

If using the Shavlik Patch plugin with SCCM, you may also want to review Certificate verification sites to allow for Shavlik Patch

If you require the IP addresses to create exceptions you can find the IP addresses used for xml.shavlik.com or content.ivanti.com here. To obtain the IP for vendor sites you can ping the site for the current IP address or contact the vendor to obtain this information.

 

If you want to create an exception for an entire domain rather than entering all specific URLs, you can usually do so by entering the exception in this format:

*.domain.com

Example: *.Shavlik.com

 

Affected Product(s)

 

Ivanti Patch for SCCM

Shavlik Patch for Microsoft System Center

(Shavlik SCUPdates)

Firewall and Proxy Exceptions URL List - Shavlik Protect/Ivanti Patch for Windows Servers (01/09/2018)


Overview

 

This article provides a list of web addresses that the Protect application requires. Allow them if you see any of the following issues:

 

  • Patch files fail to download
  • Patch definitions fail to update
  • Activation or License Refresh fails
  • Home page RSS feed fails to load
  • Product check for update fails

 

URL List

 

Protect and Patch for Windows Servers require these URLs to be accessible through firewalls, proxies and web filters:

 

https://www.dotpdn.com
https://www.fosshub.com
https://www.goodsync.com
https://www.hipchat.com
https://www.jam-software.com
https://www.microsoft.com
https://www.mozypro.com
https://www.piriform.com
https://www.rarlab.com
https://www.realvnc.com
https://www.scootersoftware.com
https://www.telerik.com
https://www.tracker-software.com
https://www.uvnc.eu
https://www.wireshark.org
vhttps://www.microsoft.com

 

If you require the IP addresses to create exceptions you can find the IP addresses used for content.ivanti.com here. To obtain the IP for vendor sites you can ping the site for the current IP address or contact the vendor to obtain this information.

Affected Product(s)

 

Shavlik Protect, All versions

Ivanti Patch For Windows Servers, All versions

Security Tool: Implement registry keys per Windows Server guidance to protect against speculative execution side-channel vulnerabilities


Purpose

 

The Ivanti Content Team created a Security Tool to help implement the required registry keys discussed in the Microsoft article linked below. This document will step through the configuration to specifically target the new Security Tool and deploy it to your clients.

 

Windows Server guidance to protect against speculative execution side-channel vulnerabilities

 

"Microsoft is aware of a new publicly disclosed class of vulnerabilities that are referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM. Microsoft has not yet received any information to indicate that these vulnerabilities have been used to attack customers. Microsoft continues working closely with industry partners including chip makers, hardware OEMs, and app vendors to protect customers. To get all available protections, hardware or firmware updates and software updates are required. This includes microcode from device OEMs and, in some cases, updates to antivirus software."
As we are unable to completely test the impact of adding these registry keys per Microsoft guidance, we highly recommend testing this in your test labs before pushing to production. One known side effect of implementing this will be a performance decrease.

 

Instructions

 

You will be creating a Scan Template and Patch Group to specifically target this Security Tool.  This will allow you to scan with automatic deployment without having to worry about installing other Security Tools we offer.  We will be offering 2 Security Tools, one to implement the registry keys and another to remove the registry keys.

 

  • IVA18-001 Q4072698: This tool enables the fix for ADV180002
  • IVA18-001 Q4072698U: This tool disables the fix for ADV180002

 

Creating the Patch Group

 

A Patch Group contains a list of patches you can use as a baseline (to scan for) or use to exclude from scan results. We will be using a Patch Group as a baseline to scan for IVA18-001 Q4072698.

 

1. Navigate to New > Patch Group.  Enter a Name for the Patch Group and optionally a Description. Click Save.

 

2. Search for IVA18-001 or 4072698. Right-click on the Security Tool IVA18-001 Q4072698 and choose Add to Patch Group then choose the Patch Group you created.

 

3. The Patch Group is created and can be added to the Patch Scan Template. Close the Patches window.

 

Creating the Patch Scan Template

 

The Scan Template, along with your new Patch Group will help you scan for the new Security Tool.

 

1. Navigate to New > Patch Scan Template

 

2. Give the Scan Template a Name; matching the Patch Group Name is advisable.

 

3. In the Baseline or Exceptions section, choose Baseline and check-mark your Patch Group. (No other filtering is needed.)

 

4. The Scan Template should look similar to this:

 

 

5. The Patch Scan Template is created. Click Save.

 

Scanning for the Security Tool

 

The setup is complete. You can use your new Patch Scan Template to scan for the new Security Tool IVA18-001 Q4072698. The Security Tool will show missing on systems that do not have the registry keys on them and can be deployed like a regular update. A reboot is required.

 

Additional Information

 

  • The target systems need to be restarted after running the Security Tools to enable or disable the registry keys for the changes to take effect.
  • You can follow these instructions to scan for the uninstall Security Tool by creating a Patch Group including the IVA18-001 Q4072698U version of the tool.
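
To confirm what the Security Tool left on a server, the registry values can be read back directly. The following PowerShell is an added example, not Ivanti's tool or code from this article; it assumes the tool writes the values given in Microsoft's KB4072698 guidance (the paths, value names and data below come from that article, not from this page), and the function names are hypothetical.

```powershell
# Added example. Registry paths, value names and expected data are assumed from
# Microsoft's KB4072698 guidance for ADV180002; this page does not list them.
$MemMgmt = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Virt    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-SpecExecMitigationState {
    $override = Get-RegValueOrNull -Path $MemMgmt -Name 'FeatureSettingsOverride'
    $mask     = Get-RegValueOrNull -Path $MemMgmt -Name 'FeatureSettingsOverrideMask'
    # Only relevant on Hyper-V hosts; reported for information, not used for the verdict.
    $minVm    = Get-RegValueOrNull -Path $Virt -Name 'MinVmVersionForCpuBasedMitigations'

    if ($null -eq $override -and $null -eq $mask) {
        $state = 'NotConfigured'      # neither value present
    }
    elseif ($override -eq 0 -and $mask -eq 3) {
        $state = 'Enabled'            # KB "enable the fix" values (assumed result of Q4072698)
    }
    elseif ($override -eq 3 -and $mask -eq 3) {
        $state = 'Disabled'           # KB "disable the fix" values (assumed result of Q4072698U)
    }
    else {
        $state = 'Unexpected'         # partial or non-KB combination; inspect by hand
    }

    [pscustomobject]@{
        Computer                           = $env:COMPUTERNAME
        State                              = $state
        FeatureSettingsOverride            = $override
        FeatureSettingsOverrideMask        = $mask
        MinVmVersionForCpuBasedMitigations = $minVm
        # The values only take effect after a restart, so compare this with the deployment time.
        LastBoot                           = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    }
}

Get-SpecExecMitigationState | Format-List
```

The script reports the configured registry state only; whether the mitigations are active also depends on the restart and on the firmware and OS updates mentioned in the Microsoft quote above.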

 

Affected Product(s)

 

Ivanti Patch for Windows Servers 9.3.x

Shavlik Protect 9.2.x

MS12-001 KB2644615 Showing as Missing After the Installation of MS15-A02 KB3033929


Symptoms

 

After applying MS15-A02 KB3033929, the patch MS12-001 KB2644615 is now showing as missing.

 

Cause

 

The introduction of MS15-A02 in March 2015 opened up a security hole that is addressed by the installation of MS12-001 KB2644615 or MS13-063 KB2859537.

Resolution

 

Deploy MS12-001 KB2644615 based on the scan results from Shavlik Protect, or download the install file for MS13-063 KB2859537 and manually run the file on the target machine.

 

Affected Product(s)

 

Protect 9.X


Security Tool: Implement the QualityCompat registry key that enables Windows security updates released on January 3, 2018


Purpose

 

The Ivanti Content Team has created a Security Tool to help implement the QualityCompat registry key that enables deployment of the Windows security updates released on January 3, 2018. This document will step through the configuration to specifically target the new Security Tool and deploy it to your clients.

Adding this registry key on machines that have out-of-date AV could cause BSODs. As we are unable to completely test the impact of adding these registry keys or installing the OOB security updates per Microsoft guidance, we highly recommend testing this in your test labs before pushing to production.

 

 

Instructions

 

You will be creating a Scan Template and Patch Group to specifically target this Security Tool. This will allow you to scan with automatic deployment without having to worry about installing other Security Tools we offer.  We will be offering 2 Security Tools, one to implement the registry key and another to remove the registry key.

 

  • IVA18-002 Q4072699: This tool adds the QualityCompat registry key
  • IVA18-002 Q4072699U: This tool removes the QualityCompat registry key

 

Creating the Patch Group

 

A Patch Group contains a list of patches you can use as a baseline (to scan for) or use to exclude from scan results. We will be using a Patch Group as a baseline to scan for IVA18-002 Q4072699.

 

1. Navigate to New > Patch Group.  Enter a Name for the Patch Group and optionally a Description. Click Save.

2. Search for IVA18-002 or 4072699 as shown. Right-click on the Security Tool IVA18-002 Q4072699 and choose Add to Patch Group then choose the Patch Group you created.

 

3. The Patch Group is created and can be added to the Patch Scan Template. Close the Patches window.

 

Creating the Patch Scan Template

 

The Scan Template, along with your new Patch Group will help you scan for the new Security Tool.

 

1. Navigate to New > Patch Scan Template

 

2. Give the Scan Template a Name; matching the Patch Group Name is advisable.

 

3. In the Baseline or Exceptions section, choose Baseline and check-mark your Patch Group. (No other filtering is needed.)

 

4. The Scan Template should look similar to this:

 

5. The Patch Scan Template is created. Click Save.

 

Scanning for the Security Tool

 

The setup is complete. You can use your new Patch Scan Template to scan for the new Security Tool IVA18-002 Q4072699. The Security Tool will show missing on systems that do not have the registry key on them and can be deployed like a regular update.

 

Additional Information

 

  • You can follow these instructions to scan for the uninstall Security Tool by creating a Patch Group including the IVA18-002 Q4072699U version of the tool.

 

Affected Product(s)

 

Ivanti Patch for Windows Servers 9.3.x

Shavlik Protect 9.2.x

How To: Use a Custom Action to add required registry key for deploying Windows Security OOB updates released January 3, 2018

We have released a Security Tool to add the registry key to your target systems.  A Custom Action is no longer needed.  For more information:
Security Tool: Implement the QualityCompat registry key that enables Windows security updates released on January 3, 2018


Purpose

 

As of January 3rd 2018, Microsoft requires a registry key to be added to machines to address compatibility issues with a small number of anti-virus software products.

More information on this can be found here: Important information on detection logic for the Intel 'Meltdown' security vulnerability

 

Description

Adding this registry key on machines that have out-of-date AV could cause BSODs. Please use this custom action at your own risk.

See Microsoft link for further details: https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released

1. Download and extract the attached zip below or here to get the batch file used for adding the registry key.

2. Create a new Patch Scan Template that scans for only Custom Actions. (This will allow you to run this against machines with no missing patches.)

3. Create a new Deployment Template.

4. Name the template. Ex: Intel Meltdown Registry Key

5. Click on Post-deploy Reboot. Change the reboot option to 'Never reboot after deployment'.

6. Click on Custom Actions. Click 'New'. A prompt to save the template will be presented. Click 'Save'.

7. The first action will push the batch file. Ensure that step 3 states 'Push File', and then select the batch file from the local machine. Click 'Save' when completed.

8. Click 'New' once more. Change Step 3 to 'After All Patches' and use the following command in Step 4: Call %pathtofixes%addregkey.bat

9. Click 'Save' twice to finish creating the Deployment Template.

10. Use the new Scan Template to scan your target machines.

11. Once the scan is completed, click 'View Results'.

12. The results will offer our nullpatch.exe for deployment. Proceed by right-clicking the patch and clicking 'Deploy all missing patches'.

13. Select the new Deployment Template created earlier. Click 'Deploy' to start the deployment.

14. Open regedit to validate the registry key was added.
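
The regedit check in the last step, and the registry-key presence check described in the QualityCompat Security Tool article above, can be scripted across many machines. This PowerShell is an added example, not the addregkey.bat from the attachment and not Ivanti's detection logic; the key path, value name and data are assumed from Microsoft KB4072699 (they are not listed on this page), and the function name is hypothetical.

```powershell
# Added example. Key path, value name and expected data are assumed from Microsoft KB4072699.
$QcPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$QcName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

# Runs on the machine being checked and returns one result object.
$QcCheck = {
    param($Path, $Name)
    $state  = 'Missing'
    $detail = 'QualityCompat key or value not found'
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $Name)) {
        $kind = $key.GetValueKind($Name)
        $data = $key.GetValue($Name)
        if ($kind -eq 'DWord' -and $data -eq 0) {
            $state = 'Present'; $detail = 'REG_DWORD 0x00000000'
        } else {
            # Right name but wrong type or data is not what the KB specifies.
            $state = 'Malformed'; $detail = "type=$kind data=$data"
        }
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; State = $state; Detail = $detail }
}

function Test-QualityCompat {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            & $QcCheck $QcPath $QcName
            continue
        }
        try {
            # Remote targets are queried over WinRM; failures are reported, not skipped.
            Invoke-Command -ComputerName $computer -ScriptBlock $QcCheck `
                -ArgumentList $QcPath, $QcName -ErrorAction Stop |
                Select-Object Computer, State, Detail
        } catch {
            [pscustomobject]@{ Computer = $computer; State = 'Unreachable'; Detail = $_.Exception.Message }
        }
    }
}

# Local check; pass -ComputerName with your own host names to check deployment targets.
Test-QualityCompat | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session so that the HKLM\SOFTWARE path is not subject to WOW64 registry redirection.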

 

 

Additional Information

 

How To: Perform a Custom Action Complete Tutorial with Custom Actions

 

Affected Product(s)

 

Shavlik Protect 9.2

Ivanti Patch for Windows Servers 9.3

Update to patching Citrix Receiver


Overview

 

We are changing how we handle patching for Citrix Receiver to better match up with Citrix's lifecycle process. The changes we are making are:

 

Versions less than 4.9: Systems running versions of Citrix Receiver prior to version 4.9 will detect as previously, with the newest patch being offered updating the software to version 4.9, which is the Long Term Service Release (LTSR) of Citrix Receiver.

 

Version 4.9: As this is the LTSR release, it will have any Cumulative Updates marked as applicable for it, but it will not have the update to version 4.10 marked as applicable. If you want to upgrade to 4.10 from 4.9, 4.10 will be available as a Software Distribution as a separate branch, similar to how major version updates of Java Runtime Environment are currently handled.

 

Because Citrix only provides token-based download links for previous versions of Citrix Receiver, we are unable to automatically download the files for the LTSR updates. The patches will need to be manually downloaded and added to the patch repository as detailed in the following document: How To: Supply and Deploy Patches That Can No Longer Be Downloaded

 

For Citrix Receiver 4.9, the latest version can be found here: https://www.citrix.com/downloads/citrix-receiver/windows-ltsr/receiver-for-windows-ltsr_4_9_1000.html

Version 4.10: As this is the current release, and the start of a new branch, it will have updates marked as applicable as they are released up to the point of the next LTSR release of Citrix Receiver. At this point a new branch will be created, with versions between 4.10 and the next LTSR being offered updates to the LTSR version.

 

Additional Information

 

 

Affected Product(s)

 

Shavlik Protect 9.2.x

Protect SDK 9.2.x

Ivanti Patch for Windows Servers 9.3.x

Update to Patching Citrix Receiver


Overview

 

We are changing how we handle patching for Citrix Receiver to better match up with Citrix's lifecycle process. The changes we are making are:

 

Versions less than 4.9: Systems running versions of Citrix Receiver prior to version 4.9 will detect as previously, with the newest patch being offered updating the software to version 4.9, which is the Long Term Service Release (LTSR) of Citrix Receiver.

 

Version 4.9: As this is the LTSR release it will have any Cumulative Updates marked as applicable for it, but it will not have the update to version 4.10 marked as applicable. If you want to upgrade off of the LTSR version, you will need to install the desired version on your Endpoints. We are currently working on an upgrade package, and will update this article regarding it.

Because Citrix only provides token-based download links for previous versions of Citrix Receiver, we are unable to automatically download the files for the LTSR updates. The patches will need to be manually downloaded and placed in the Local Source Folder, which must be enabled as detailed in the Product Help here: https://help.ivanti.com/sh/help/en_US/PAT/23/Topics/Offline_Options_Tab.htm

 

For Citrix Receiver 4.9, the latest version can be found here: https://www.citrix.com/downloads/citrix-receiver/windows-ltsr/receiver-for-windows-ltsr_4_9_1000.html

Version 4.10: As this is the current release, and the start of a new branch, it will have updates marked as applicable as they are released up to the point of the next LTSR release of Citrix Receiver. At this point a new branch will be created, with versions between 4.10 and the next LTSR being offered updates to the LTSR version.

 

Additional Information

 

 

Affected Product(s)

 

Shavlik Patch for SCCM 2.3.x

Ivanti Patch for SCCM 2.3.x

Patches That Always Show Missing In Results - Install/Uninstall Loops


Symptoms

 

  • Detected patch continues to show as missing after successfully deploying.
  • Patch that shows missing ends with 'U' every other deployment.

 

Cause

 

Certain patches exist as an installer and an uninstaller; these patches can cause a loop when scanning and deploying. When the installation patch is deployed, the uninstall patch is then considered to be missing. These patches are designed by their vendor in this manner to facilitate adding/removing the patch according to environmental needs. When scanning for and deploying these types of patches, it may appear that the patch is continually missing, because each deployment alternately adds and removes it. The uninstall patch will end with 'U'. These patches tend to belong to the 'Security Tools' patch type.

 

Example: Missing the Installation Patch


 

Example: After Installed, Now Missing Uninstall Patch


 

Resolution

 

Exclude the specific patch utilizing a patch group, or choose not to deploy the patch's installer/uninstaller after scanning.

 

Refer to the following document:

How To: Include or Exclude Specific Patches in Scan Results

 

These are known patches that offer an uninstaller.

  • Q2719615(U) - MS12-A04
  • Q2719662(U) - MS12-A06
  • Q2794220(U) - MS12-A10
  • Q2847140(U) - MS13-A02
  • Q2887505(U) - MS13-A08
  • Q2896666(U) - MS13-A09
  • QIE9001(U) - MSIE-002
  • Q4072698(U) - IVA18-001
  • Q4072699(U) - IVA18-002

 

Affected Product(s)

 

Shavlik Protect 9.x
