Shavlik HFNetChkPro, Continued
Once the scan completes, you will be presented with a patch summary report of the results. It will break down how many computers were scanned and how many patches and service packs are missing. It will also include several charts, such as the top ten missing patches, the top ten vulnerable machines, and the patch severity status.
HFNetChkPro's patch deployment and rollback functionality is also easy to use. You can configure deployment templates that set a variety of variables, such as whether the target machines are rebooted, the temporary files created during the installation are deleted, and if the deployment happens in "Quiet Mode" so it is transparent to the user.
With just a few mouse clicks you can download, deploy or uninstall a specific patch
Since this is an agentless solution, one question that needs to be answered is how it can analyze and patch remote clients. Does it have the ability to "trickle" a patch out to a client that is connected to the network via a slow link? The answer is yes, but the way this is accomplished might make you giggle... there is an agent add-on. Shavlik has extended the usefulness of their product by offering the Shavlik Security Agent . This can be deployed on remote clients and machines that are regularly offline, to ensure that they are scanned and patched on a regular basis. While these agents don't appear to directly leverage BITS, they do offer a feature called "checkpoint restart" that appears to offer similar functionality.
In Shavlik's own white paper they discuss agent vs. agentless solutions, and identify situations where an agentless solution will not be ideal. To their credit, they realized that their base product would have difficulty reaching roaming users, machines residing in de-militarized zones (DMZ) and machines that can be disconnected or inactive for long periods of time. The addition of an agent module creates a hybrid patch management solution that seems to offer the best of both worlds.