Patch Management In The Enterprise, Part II

Shavlik HFNetChkPro

Scan by IP Address or Domain

Thus far, we have analyzed three products that utilize agent software on every managed workstation or server. We would be remiss if we neglected to examine at least one agentless Patch Management solution. Fortunately, Shavlik's HFNetChkPro fills that need nicely.

Given the fact that this is an agentless solution by default, all that needs to be installed to get started is the scanning console. This piece of software can even run on a modest Windows 2000 Professional workstation. The fact that it doesn't require one of the more costly Windows Server operating systems will probably be attractive to smaller organizations more sensitive to licensing costs.

The interface to initiate scans of the network is simple and intuitive. Shavlik recommends scanning by IP range as opposed to by domain as the scan will complete faster. As machines are running and present on the network, HFNetChkPro scans them for vulnerabilities, providing that the user initiating the scan is using an account with the necessary privilege level. During installation of the product, a "Did you know" pop-up informs you that the scanning engine Shavlik has created is also used in Microsoft's Baseline Security Analyzer. Clearly they have done something right.

The patch summary provides pertinent vulnerability information along with several helpful graphs