Symptoms
Shavlik Protect patch scan results show different patches needed than when running a Windows Update.
Resolution
Shavlik Protect uses different detection logic to scan for patches than Windows Update and other patch vendors. A Windows Update scan has the ability to show missing Security Patches, Non-Security Patches, Security Tools, driver updates, and sometimes patches that aren't publicly downloadable.
Depending on what Scan Template you are using in Protect, the results will vary. The built-in security patch scan will only show missing security patches. The built-in WU scan will show missing security patches and non-security patches. And please note - we don't always include all non-security patches in our XML data right away either, as security patches take precedence.
You can always create a Custom Scan Template, and check security patches, non-security patches, and security tools for the most robust scan with Protect.
Shavlik uses a variety of methods to see if a target machine needs a patch. The process is detailed in the document "Explanation of how patch scanning detection works with Shavlik Protect" which can be found here: http://community.shavlik.com/docs/DOC-2259 .
Administrators can view files and registry entry criteria by searching for the patch in View > Patches of the Shavlik Protect Console main menu.
See this online help file for more information on using Patch View:
http://www.shavlik.com/support/Protect90HTMLHelp/Viewing_Patch_Details_(Patch_View).htm
There is also a difference in how Protect displays criticality and vendor severity. See this document for further information concerning this:
http://community.shavlik.com/docs/DOC-2160
Product Versions
vCenter Protect 8.x
Shavlik Protect 9.x