• Overview
  • Features
  • Design Principles
  • Requirements

Overview

Summary

Shavlik NetChk Protect provides the most direct route to achieving, proving, and sustaining patch compliance with your internal mandates or with external regulations. In a matter of hours, not days or weeks, you’ll have an operational solution in place to find and deploy security patches that are missing from the machines in your enterprise.

Shavlik NetChk Protect is a robust patch management solution, providing extensive coverage for Microsoft operating systems, Microsoft programs, and 3rd party programs. While there are a number of“free”patch management tools available, they are limited to patching Windows operating systems and programs. They do not address 3rd party programs, which leaves gaping security holes that hackers can easily find and attack. Don’t let “good enough” be the standard for securing your business assets.Free security tools may actually increase your risk and in the end will require more IT resources that will eat your IT budget. You need solutions that reduce your costs while improving your security status. Shavlik NetChk Protect is your complete patch management solution.

A Closer Look

Simplify Network Security

Shavlik NetChk Protect provides you with an easy-to-implement, easy-to use, and cost-effective method for improving your security posture. By taking the complexity out of the patch management task, it provides the fastest route to improved security and compliance. It also enables your less technical staff to manage the product.

Find and Fix Gaps in Your Network Security

Shavlik NetChk Protect has a unique architecture that combines agent-based and agentless technology to provide the industry’s most comprehensive discovery capability, allowing customers to confidently answer the question “How secure am I?” The flexibility provided by this hybrid approach enables you to address every machine in your enterprise -- from stationary machines to frequently disconnected devices to machines located in the DMZ to machines in locations with bandwidth constraints.

And Shavlik NetChk Protect doesn’t just detect gaps, it fixes them too. The program can be configured to immediately deploy all missing patches to machines immediately after a scan is performed. This one-step update process enables you to specify exactly when and how the patches will be deployed.

Any Patch, Anywhere Technology

Shavlik NetChk Protect scans Microsoft-based and third party programs running on the machines in your network. It assesses the current patch status of those machines and enables you to deploy any missing patches. In addition, Shavlik NetChk Protect also provides a custom patch editor that enables you to create and maintain custom patches on your machines. This enables you to patch virtually any Windows program on your network.

 

Features

  • Ease of Use: Go from download to scanning in 30 minutes or less, leveraging Shavlik’s easy to use, industry-standard user interface. Offers a robust user experience, all from a single console.
  • Support for Offline Virtual Images: Shavlik NetChk Protect enables you to scan and patch offline virtual images. Offline virtual images are those that aren’t powered on when a patch scan is performed. These virtual images may be powered on for only a few hours or days a month and then powered off until they are needed again the next month. It’s important to ensure that these systems are patched so that when they are brought online they don’t place your network at risk.

    Shavlik NetChk Protect makes it easy to scan and patch these offline virtual images. You simply reference the offline image or folder of images in a machine group and perform a scan like usual. You can also scan desktops and servers for the presence of virtual images that you may not even know about. Once the virtual images are identified, Shavlik NetChk Protect will perform a full patch assessment of each image and display the scan results alongside the results for running systems.

    Patching offline virtual images is similarly simple. You simply highlight the images and patches you’d like to install and then select Deploy from the Shavlik NetChk Protect menu. The patches will be copied to the offline images and will be installed the moment that the virtual image is started (or according to its scheduled deployment time).
  • Flexible & Robust Scanning Options: Shavlik NetChk Protect provides a number of ways to perform a scan. The home page provides simple one-click methods for beginning a scan. Or, you can begin scans from within a machine group or with a favorite group. Scans can also be performed by domain, organizational unit, machine name, IP address or IP range.

    NetChk Protect allows you to schedule when a patch will be executed on each remote system. The deployment can be set for a specific date/time, immediately, at next reboot, or they can be copied the machine but not installed. Reboots can occur immediately after the installation of patches, scheduled at the next occurrence of a specific time, or a specific date/time.
  • Precise Reboot Options: NetChk Protect provides pinpoint control over when systems are rebooted- during planned downtime. This is a critical difference, particularly on servers.  Shavlik enables administrators to specify detailed, granular reboot instructions that allow for system restarting during scheduled windows. Remediation and reboots can be scheduled separately.
  • Automated Patch Deployment: By enabling the Auto Deploy option, you can automatically enforce patch policies by correcting any discrepancies found on the scanned machines. Any missing patches are automatically deployed immediately after the scan.
  • Support for Custom Patches: The program provides the ability to patch virtually any Windows application on your network, including custom applications and legacy applications. You can also scan for and deploy private patches from Microsoft Corporation. All of this is managed with the implementation of the Custom Patch File Editor. The editor’s wizard-like interface expertly guides you through the process of creating your own custom patch XML files. The program combines your custom XML files with the primary XML patch data file and uses that modified file when performing scans and deployments.
  • Comprehensive Reporting: Built in reports with advanced filteringcan help identify trends over time for any group of machines. Through a web based business intelligence application, Administrators can build custom reports to provide analysis of the patch or spyware threat by workstation, group, detection type, threat and classification. Reports can be exported to multiple file formats.
  • Automated E-Mailer: Shavlik NetChk Protect provides the ability to automatically e-mail scan results and reports to machine owners, network administrators, or executives.
  • Support for Multiple Console Configurations: For large organizations there are many advantages to maintaining multiple consoles:
    • The consoles can reside at physically distinct locations and be close to the machines they are managing
    • You can distribute the workload across multiple consoles
    • The scans, deployments, and remediations are performed much quicker
    • You won't tie up your network trying to scan hundreds of geographically distinct machines from one location
    • It cuts down on a lot of network traffic, especially over WANs
    • The results from each console can be rolled up to and viewed from one central location
  • Shavlik NetChk Agent: Shavlik NetChk Agent is an agent service. The agents configured by Shavlik NetChk Agent are distributed agents, meaning they are installed on physically distinct machines and have the ability to independently initiate specific actions. They are configured via the Shavlik NetChk Protect interface and then installed on the desired machines either by executing a menu command from the Shavlik NetChk Protect console or by manually installing them off a CD or flash drive. A single console can support up to 50,000 agents.
    With Shavlik NetChk Agent you can create as many different agent policies as necessary to manage your network. This provides a great deal of flexibility, enabling you to assign different agent configurations to different machines in your organization.

    Depending on how they are configured, when installed on a machine a Shavlik agent can:
    • Scan for and deploy missing patches
    • Scan for and remediate spyware
    • Report the results to the local console
  • Detailed Spyware Information: Netchk Protect provides a detailed listing of all registry information and files found that are associated with spyware. This includes spyware details such as the author of the spyware, author location, short description, detailed description, and how it executes. It also offers a detailed description of the severity to alert the customer as to the nature and criticality of any infection.
  • Dissolving Service Scan for Spyware Management: NetChk Protect offers an additional scanning and remediation method for administrators. With the Dissolving Service Scan, administrators have the option of deploying the Spyware Scanning Engine and Spyware XML to each target system. The Dissolving Service Scan will run the scan and remediation locally as an additional option for administrators. This method provides faster scan and remediation times as well as less bandwidth utilization. Upon scan/remediation completion, administrators have the option of leaving the Dissolving Service Scan and XML on the target machine. On the next scan, these files will be in place for scanning and remediation.
  • Machine Groups: Shavlik NetChk Protect uses machine groups to keep track of the machines that are included in a particular scan. The machine groups within Shavlik's product are flexible enough to allow you to organize and group machines based on OU, Domain or IP Ranges which will automatically identify new machines that are added to the network.
  • Machine-Centric View: This extremely powerful and flexible tool enables you to display current information about every machine in your network that has been previously scanned and whose information resides in the database. It enables you to align management of your security posture with how you manage your network assets. The advantages of the machine-centric view include:
    • You are not restricted to viewing just those machines involved in a particular scan. You can view all the machines that have ever been scanned.
    • You can quickly assess the status of all machines in your organization.
    • You can filter the information and drill down into the table for a more detailed analysis.
    • You can view both patch and signature information at the same time. With the scan-centric view you can only view one or the other.
    • All machine information is available in one place. When viewing scan results from a scan-centric view the information is spread out across three different views (Date Summary, Patch Summary, and Machine Summary), requiring you to click around a bit to see all the information.
  • Role-based Administration: You can assign different roles to different users of Shavlik NetChk Protect. This enables you to make the program available to a wide variety of people within your organization while maintaining control over its use. The role assigned to a user determines what that particular user can do.

 

Design Principles

All products created by Shavlik Technologies are built upon the following product principles. There are a number of examples of each principle evident in Shavlik NetChk Protect.

  • Simplicity: If a product is difficult to use, chances are it won’t get used, no matter how many bells and whistles it may have. Our interface takes the complexity out of managing security.
    • Easy to scan for and deploy patches enabling IT staff to manage more systems
    • Most direct route to patch compliance
    • Fully automated vulnerability lifecycle
    • Operationalize security, freeing up your critical IT staff for other tasks
    • Facilitates gains in operational efficiency and delivers cost savings by simplifying complex network security
  • Thoroughness: Our core security engines enable Shavlik to provide the industry’s deepest and broadest scanning capability that automatically detects and closes the gaps in your security state.
    • Agent-based and agentless technology provides the best coverage
    • Shavlik Technologies is the leader in accuracy, depth, and breadth of status on patches, configurations and unapproved software
    • No need for rescans or use other tools- do it right the first time
    • Detect and remove potentially harmful applications
    • Provides coverage of 3rd Party Applications
    • Used to audit other solutions for errors and omissions
    • Validates that your patch policy requirements were actually implemented
    • Default scan templates report on all installed and missing patches
  • Architectural Flexibility: When working with rapidly changing technologies, flexibility is key. NetChk Protect provides you with the control to manage your network the way you want. You decide when and what systems are patched. Start scanning within 30 minutes or design a very detailed plan, it’s your choice.
    Shavlik NetChk Protect is extremely flexible because it:
    • Offers multiple deployment options
    • Is non-intrusive
    • Can operate in either agentless or agent-based modes- you choose
    • Provides the industry’s most flexible and granular deployment options
    • Works with multiple products- Windows 2000 Professional Gold or later, Windows XP Professional SP1 or later, Windows 2000 Server Gold or later, Windows Server 2003 Family, Windows Server 2008 Gold or later and Windows Vista SP1
    • Works with multiple machine types- servers, desktops, laptops, virtual machines
    • Uses XML-based files that are constantly being updated to reflect ever changing software environments.
  • Scalability: You want a product that is able to grow with your company. Shavlik NetChk Protect has the ability to accommodate ever increasing numbers of machines and software products.
    • Distributed architecture
    • Centralized management
    • Agent/Agentless to address many different connectivity options
    • Manage thousands of machines from a single console
  • Time-to-Value: You want to be able to immediately begin using your investment. With its easy to use and intuitive interface, Shavlik NetChk Protect has you scanning, assessing, and patching your network in no time. Because there are very few setup tasks needed before using the product, the “time-to-value” payoff with Shavlik NetChk Protect is extremely high.

Requirements

Console Prerequisites

Processor:

  • 500 MHz or faster CPU

Memory:

  • Minimum: 256 meg RAM
  • Recommended: 512 meg RAM or higher

Video:

  • 1024 x 768 screen resolution or higher (1280 x 1024 or higher recommended)

Disk Space:

  • 60 meg for application
  • 2 GIG or more for patch repository

Operating System:

  • Windows 2000 SP4 or later (Professional, Server, Advanced Server, or Small Business Server)
  • Windows XP Professional
  • Windows Server 2003 Family
  • Windows Server 2008 Family

    Note: Shavlik NetChk Protect supports 32- and 64-bit versions of the listed operating systems for both console and target systems.
    Note: Windows Vista is not supported for use as a console system

Database:

  • Access to a SQL Server database is required. If you do not have access to a SQL Server database, the option to install SQL Server 2005 Express will be provided during the installation process.

Prerequisite Software:

  • Internet Explorer 5.5 or later
  • Windows Installer 3.1 or later
  • Microsoft Data Access Controls (MDAC) 2.8 or later
  • MSXML 6.0
  • Access to Microsoft SQL Server 2000 SP4 or later, SQL Server 2005, or SQL Server 2005 Express Edition
  • SQL Server Management Objects (only required if using SQL Server 2005)
  • SQL 2005 Native Client (only required if using SQL Server 2005)
  • Microsoft .NET Framework 2.0
  • VMware® Virtual Disk Development Kit

Firewall Rules at the Console

  • Must open TCP 3121 and 7766 for agents and remote consoles to send information back to the console (port numbers can be configured at setup)
  • Must open TCP port 4750 for tracking agentless deployment progress via the Shavlik NetChk Tracker (port number can be customized)

Clients (agentless)

Browser:

  • Internet Explorer 4.0 or later required to receive patch deployments

Operating Systems (any of the following):

  • Windows NT 4.0 Workstation, Server, and Enterprise Server SP4 or later
  • Windows NT Server 4.0, Enterprise Edition SP4 and Terminal Server Edition SP5 or later
  • Windows 2000 Workstation, Server, Advanced Server, Datacenter Server, and Small Business Server
  • Windows XP Home Edition (local patch scans and deployments only)
  • Windows XP Professional and Tablet PC Edition
  • Windows Server 2003 Family (x86 and x64)
  • Windows Vista Family (x86 and x64)
  • Windows Server 2008 Family (x86 and x64)

Virtual Machines (offline images created by any of the following):

  • VMware ESX Server 3.0 or later
  • VMware VirtualCenter 2.0 or later
  • VMware Server
  • VMware Workstation 4.0 or later
  • VMware Player

Prerequisite Software

  • Remote Registry service must be running
  • Server service must be running
  • On Windows XP Pro machines, Simple File Sharing must be turned off
  • NetBIOS (tcp139) or Direct Host (tcp445) ports must be accessible
  • MSXML 2.5 or later if using the spyware Dissolving Service Scan option

Firewall Configuration

  • Must open TCP 139 or TCP 445
  • TCP 5120 must be open if using Shavlik Scheduler (port number is configurable)

Products Supported (for patch program):

Disk Space (for patch program):

  • Free space equal to five times the size of the patches being deployed

Supported Languages (for patch program):

Arabic, Chinese (Simplified), Chinese (Traditional), Czech, Danish, Dutch, English, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Spanish, Swedish, Turkish

Clients Running Shavlik NetChk Agent

Processor:

  • 500 MHz or faster CPU

Memory:

  • Minimum: 256 meg RAM
  • Recommended: 512 meg RAM or higher

Disk Space:

  • 30 meg for Shavlik NetChk Agent client

Operating Systems:

  • Windows 2000 SP3 or later (with high encryption pack)
  • Windows XP Family
  • Windows Server 2003 Family
  • Windows Server 2008 Family

Prerequisite Software

  • MSXML 3.0 or later

Firewall Configuration

  • Must open TCP 5120 for Shavlik Scheduler only when performing a push install of the agent (port number is configurable). This is not necessary when using Agent Installation Media.
  • Must open TCP port 139 or TCP 445 only when performing a push install of the Shavlik NetChk Agent. This is not necessary when using Agent Installation Media.
  • The agent itself opens no listening ports.

 

 


Designed by Palyacho