Shavlik Patch 2.2 available in early access!


The Shavlik Team is proud to announce the availability of Shavlik Patch 2.2 in an early access delivery.  Check out what’s new!

  • Edit packages (watch the video) – Change the command line switches, return codes expected, etc for a given package.
  • IAVA Support – For our Federal customers we have extended our IAVA coverage into our Shavlik Patch offering making it much easier to automatically cross-reference DOD IAVAs.
  • Republish and resigning of packages – The manual steps for doing this are long and painful and going down that rabbit hole is not recommended.  It is also no longer necessary!  We are going to do all the heavy lifting on this one.
  • Manage vendor and product categories (watch the video) – We have a new interface that lets you monitor and manage the categories in use so, again, you do not have to go down a significantly long, manual process to reclaim a category that is no longer in use.

We have a webinar scheduled for April 6th, 2016 to walk through the Shavlik Patch 2.2 features and show you whats new! You can also download Shavlik Patch 2.2 here.

Shavlik Patch 2.1 Makes 3rd-Party Patching With SCCM Even Easier

PatchWithoutBorderShavlik is proud to announce today’s release of Shavlik Patch for Microsoft System Center 2.1.

This is the second Shavlik Patch release this year, and it represents yet another quantum leap towards making third-party application patching within SCCM easy.

Shavlik Patch 2.1 focuses on five core areas: setup and configuration, automation, core patching capabilities, ease of use and globalization.

  • Setup and Configuration – Our new configuration checker allows you to verify that your SCCM environment is ready to publish and deploy third-party patches. It’s easy for application versions, credentials, and certificates to get out of sync. No problem; the configuration checker will point you to discrepancies in your environment, so you don’t have to guess where the problem exists.
  • Automation – With Shavlik Patch 2.1, you can create and save filters that allow you to control which applications, which vendors, and which individual updates you publish for a timeframe of your choice. For example, say you want to publish all Adobe updates, Oracle Java and Chrome updates, within the last 30 days. You can now build that filter, view the updates that meet that criteria, and automatically publish them.
  • Core Patch Capabilities – With Shavlik Patch 2.1, we introduce a patch details view that tells you lots of great information about each update. Also, Shavlik Patch now handles superceded patches.
  • Ease of Use – You thought Shavlik Patch 2.0 was easy; well, it just got better. Shavlik Patch 2.1 introduces authenticating proxy support, the ability to run scheduled jobs as a different user, and the ability to choose, hide and reorder columns in the updates view.
  • Globalization – Shavlik Patch is now available in 11 languages. Additionally, you can also view translated versions of our User’s Guide. Hablas Espanol? Great, so does Shavlik Patch.

Now, being the seasoned SCCM admin that you are, you’re probably thinking, “Wow, that’s cool, but I won’t be able to use it for six months because it’ll take that long to get it working in my environment.”

Umm…no. Here’s the directions for upgrading Shavlik Patch from 2.0 to 2.1 (no kidding check out our User’s Guide).

  • Close SCCM
  • Download the latest version of Shavlik Patch from
  • Install the Shavlik Patch exe
  • Open SCCM

That’s it! All of your configuration settings, filters, and registration info will still be there. We don’t mess with anything in your SCCM database. You can be up and running on Shavlik Patch 2.1 in about five minutes.

With today’s release, Shavlik has also announced the end of life for Shavlik Patch 2.0 on December 1, 2015. We encourage all customers to upgrade to 2.1 at your earliest convenience. Pro tip – there’s lots of great stuff in 2.1.

For more information about today’s release, please join us for one of our Shavlik Patch 2.1 release webinars.

If you are using Shavlik Patch today, please join us for this webinar.

Patch Like a Pro! New Shavlik Patch for Microsoft System Center 2.1 | Wednesday, November 18, 2014 10:00 am CST | Register Now

If you are new to Shavlik Patch, please join us for this webinar.

Why Break SCCM? Get Third-Party Application Patching Without Additional Infrastructure | Wednesday, November 13, 2014 10:00 am CST | Register Now

Tune in later this week as I continue to share more insights on the latest release of Shavlik Patch and how this solution sets itself apart from other third-party patch add-on’s for SCCM.

Security Breaches Everywhere: Keeping Your Company Out of the Headlines

Bunker BlogLately, it seems not a day goes by without news of a security breach dominating the headlines. The Target breach last fall set off waves of copycat attacks that still, nearly a year later, are successfully infiltrating the networks of prominent retailers. Recently, we’ve seen the likes of P.F. Chang, Dairy Queen, and Minneapolis-based SUPERVALU join the ranks of hacked retailers.

I sat down with Rob Juncker to chat about these hacks and the unique challenges that companies in certain business like retailer and health care face in securing their environments. In addition to being the Vice President of R&D here at Shavlik, Rob also dabbles in white hat hacking.


Anne:  Rob, the Target breach really got our attention as both consumers and as an industry. Now, nearly a year later, what do we know about the Target breach? How did it happen?

Rob:  We know an external hacker managed to take control and infiltrate Target’s system by way of a very unsecure node that was allowed to operate on their network. This was a complicated attack because they infiltrated a node, jumped onto Target’s network, and then had ample time to search the network, to find vulnerabilities, and to infect machines.

They infected the machines by injecting BlackPOS. It located point of sale (POS) devices, looked for specific processes on those machines, stared into their memory, and tried to match data formatted in the same manner that credit card tracks are formatted. After it found credit card data, BlackPOS sent it out of Target’s network to a location where the hackers could grab it.

Anne:  One thing that really stands out there is that they attacked a more or less forgotten node and not the data center. As an IT community, we invest so much of our energy into securing the data center, but from this example we see that isn’t enough.

Rob:  Most people focus on securing the most important assets within their network. The entire Target hack happened on the least valuable parts of the network – a computer designed for remote diagnostics as well as POS’s which are typically the cheapest nodes and the cheapest OS’s. These hackers could have never gained access to Target’s core databases, but they didn’t have to. They simply attacked the nodes where the data is collected.

Anne:  Do retailers face unique challenges in securing their IT infrastructure?

Rob:  Retailers have incredibly complex environments – all of these terminals out on a WAN in all of these stores. Nobody in IT is hands-on because every store can’t have its own IT department, and the devices are running various OS’s that have various third-party applications resident on them. This makes for a perfect storm for retailers to be exploited. Health care providers have similar complexity when you think about all of the nodes spread out throughout a hospital or a clinic.

Anne:  Here at Shavlik we are quick to share the figure that 75% of vulnerabilities exploited in the wild already have software updates (patches) available to fix them. How important is patch management in preventing these types of breaches?

Rob:  If you aren’t properly patched, someone can use off-the-shelf scripts to get access to that network. The Target hack was a professional hack. They knew what they were doing. That was the first, but all of these others are simple variants of the same approach. This has gone from being the work of an experienced hacker to that of a script kiddie. It is now readily repeatable, and we have a population of hackers attacking every site they can find.

Patch management is an important piece of having a full security profile for your entire network. Exploiting a known vulnerability is step one of the process. If you can reduce the ease of doing that, hackers are likely to move on to someone else.

Anne:  Most IT departments are disciplined about patching their data center servers with tools like Shavlik Protect and patching endpoint OS’s with tools like Microsoft System Center Configuration Manager (SCCM). Let’s assume the OS is up-to-date. Is that good enough?

Rob:  No. Because they have POS’s running a Windows OS, it is guaranteed there are third-party applications running on those devices. It could be an embedded internet browser or an embedded PDF generator. Worse, it could be Java which is the most exploited third-party application.

The existence of third-party app’s isn’t a “maybe;” it is a “for sure.” CIO’s around the world should ask themselves, “It’s great the we patch Windows, but do we patch everything else?” If the answer is “no,” are you willing to bet your job on that decision?

Anne:  Of course CIO’s don’t want to risk their jobs over something as simple as third-party app patching, but given the complexity of their networks, are IT departments for retailers faced with a lose/lose decision between knowingly remaining unsecure versus spending all of their time on patching?

Rob:  For those companies who have SCCM, Shavlik Patch for Microsoft System Center makes the decision easy. With Shavlik Patch retailers can patch third-party applications from within SCCM in the same manner in which they patch the OS. They can also completely automate the process which means they can get into a “set and forget” mode for applying third-party updates. Third-party patching doesn’t have to be a difficult or arduous process. If it feels that way, Shavlik can help you out.


Patch management is critical, but it is just one piece of the security puzzle. In the next post in this series, Rob will dig deeper into the technical details of the Target hack, discuss how you can determine if BlackPOS already exists in your environment, and explain how you can cut off its communication lines if/when it finds its way into your network.

Also, if you’d like to join a discussion on this topic, Shavlik will be hosting a webinar on September 30.

Security Breaches Everywhere – Help your company stay out of the headlines
Thursday, October 2, 2014 10:00 am CDT
Register Now

Windows IT Pro Weighs in on Shavlik Patch

You’ve heard a lot of talk from us about the new Shavlik Patch for Microsoft System Center, but you may be wondering, “What are people who don’t have the word ‘Shavlik’ on their business cards saying about this new product?”

Windows IT Pro Community Manager Rod Trent answered just that in his article Shavlik Patch for System Center Simplifies Securing the Other 86 Percent of Windows Vulnerabilities. Trent is a leading expert on Microsoft System Center technologies and has more than 25 years of IT experience.

Here are some of his insights.

  • “…86% of reported vulnerabilities come from third-party applications, 10% comes from the operating system itself, and 4% is attributed to the hardware.”
  • “Shavlik Patch for System Center takes a normally manual process for third party application patches and automates it such that administrators can have the confidence that the ‘other 86%’ of known vulnerabilities are covered.”
  • “Shavlik was one of the first vendors to understand the need to patch products other than those provided by Microsoft. …the company knows patching.”
  • “Configuration is easy and scheduling is provided to automate the download of deployable .cab files and publishing of updates.”
  • “In addition to the console integration, the product also takes full advantage of the capabilities built into ConfigMgr for targeted deployments of software patches.”

Learn more about Shavlik Patch for Microsoft System Center or download a free trial here.


What Does Shavlik Patch Mean to Existing SCUPdates Customers?

Earlier this week, Shavlik announced the release of Shavlik Patch for Microsoft System Center. As an existing SCUPdates user, this likely left you with a number of questions. Let’s talk about them.


Q: We are using SCUPdates with SCCM 2007. What does this mean to us?

A: Nothing changes for you. You still have all the goodness of SCUPdates just with a shiny new name. If your organization is evaluating moving up to SCCM 2012, read on to see what the future holds.


Q: We are using SCUPdates with SCCM 2012. What does this mean to us?

A: A lot! You read earlier this week about the add-in, its tight integration with SCCM, and how easy it is to install and configure.  Hopefully, you attended our webinar yesterday and saw it in action. If not, check out the following.

  • Learn more about Shavlik Patch here.
  • View quick videos about how to install and configure Shavlik Patch here.
  • Download a free trial of Shavlik Patch here.
  • View user documentation for Shavlik Patch here.


Q: Lovely marketing material…tell me something technical.

A: Special logic has been added within the add-in for patching difficult to handle applications like Java. In the case of Java, you might find that updates often fail because Java doesn’t uninstall correctly when it is running. The Shavlik Patch add-in will

  • Uninstall Java
  • Detect if it was uninstalled incorrectly
  • Schedule the install on reboot if needed
  • Inform the SCCM Agent if a reboot is required

The Shavlik Patch add-in will also handle Apple updates that are bundled in with the QuickTime and iTunes patches such as Apple Mobile Device Support and Apple Application Support.


Q: If I am on SCCM 2012, do I have to switch over to the add-in?

A: No. We think you will want to, but you do not have to. Customers can choose to use the add-in configuration, the catalog file configuration, or even both if that makes sense in your environment. Your choice of configuration does not affect your licensing.


Q: Do we have to pay more to get the new SCCM add-in?

A: Nope, as a current SCUPdates customer, you are entitled to the add-in or the catalog file configuration. You may download the add-in at and begin using it immediately.


Q: I’ve had this product for a few years and haven’t seen you guys do much of anything with it. Is this release a signal of increased investment by your technology team?

A: Absolutely! Yes, we haven’t had a release in some time, but we have been listening to you. Here’s some things you have been asking for that are addressed with the add-in.

  • Automatically download the catalog files
  • Handle Java better
  • Automate publishing to WSUS

Here’s some other things you have been asking for that are on our roadmap for upcoming releases.

  • Disable auto updaters
  • Expanded product support
  • Support for supercedence

The Next Generation of SCUPdates, Shavlik Patch for Microsoft System Center, Is Here

Shavlik is happy to announce the release of Shavlik Patch for Microsoft System Center. This follow-on to Shavlik SCUPdates provides third-party patching within Microsoft System Center Configuration Manager (SCCM) and does it in such a manner that third-party patching has never been easier.


What’s cool in Shavlik Patch?

If you are using SCCM 2012 (or later versions)…

  • Ability to patch more than 100 popular applications completely within Configuration Manager
  • An integrated add-in for the Configuration Manager console that no longer requires the use of System Center Updates Publisher (SCUP)
  • Automatically check for and download patch data from Shavlik
  • Publish new patches through SCCM manually or automatically
  • Smart handling of difficult to install patches like Java

If you are using SCCM 2007…

  • Continue to enjoy the goodness of SCUPdates just with a new name


Want to see it in action?

Join Shavlik Chief Marketing Officer Steve Morton, Systems Engineer John Rush, and I as we discuss the details of the new release and show you how Shavlik Patch will revolutionize the way you perform third-party patching within Configuration Manager.

Introducing the New Shavlik Patch for Microsoft System Center
Wednesday, February 12, 2014 10:00 a.m. CST
Register Now


Download it now and see for yourself

  • Learn more about Shavlik Patch here.
  • View quick videos about how to install and configure Shavlik Patch here.
  • Download a free trial of Shavlik Patch here.
  • View user documentation for Shavlik Patch here.

See you all at the webinar on Wednesday and check back later this week for an additional post providing more info on what this release means to existing SCUPdates customers.

Shavlik Joins Microsoft System Center Alliance

Shavlik is happy to announce we have joined the Microsoft System Center Alliance Program. By joining the Alliance Program, Shavlik is reaffirming its commitment to customers who use System Center Configuration Manager.

“Shavlik is thrilled to be part of the Microsoft System Center Alliance Program,” said Marshall Smith, Vice President of Partnering and Operations for Shavlik. “We have patched Microsoft and third-party applications since the beginnings of Shavlik, and we plan to continue empowering our customers with our popular SCUPdates, Management Intelligence, and additional Shavlik products that add value for System Center customers.”

“Our membership in the Alliance will help us continue to foster the communication required to shape and refine our products and to meet the needs of our mutual customers.”

Shavlik SCUPdates eliminates the time-consuming task of researching and creating the updates required to patch third-party products via SCCM. After downloading the SCUPdates catalog and importing desired patches into Configuration Manager using System Center Updates Publisher (SCUP), users can manage and deploy third-party updates from within SCCM in the same manner in which they manage Microsoft updates.

“System Center 2012 R2, with its trailblazing functionality, provides a solid foundation for third parties such as Shavlik to build on and add value for customers,” said Brian Hillger, Director, Product Marketing, Microsoft Corporation.

“With SCUPdates, Shavlik is helping customers keep third-party applications patched and secure with consistent accuracy and ease-of-use. Microsoft is pleased to welcome Shavlik into the System Center Alliance.”

Shavlik Management Intelligence extends SCCM data for effective asset management.

Read the full article here to learn more about the Alliance Program as well as how Shavlik can help you extend the capabilities of Configuration Manager.