Shavlik Third-Party Patch Management

Shavlik is a third-party patch management add-on for Configuration Manager. It brings in updates for Adobe, Java, and Firefox, just to name a few. It publishes these updates just like any other Windows update.

Shavlik used to rely on System Center Updates Publisher (SCUP). It would fill in the catalog, and then the administrator would publish the updates to SCCM. Now, Shavlik is built straight into SCCM as an add-on. It appears under the Software Update options just like any other Windows update. This has really streamlined the third-party update process, as an administrator no longer has to learn SCUP.


Shavlik Benefits

Shavlik does all of the third-party update work for you. It pulls down all of the logic, such as how SCCM knows that an update is needed and how it knows that the update is installed. All of this work is done for you, instead of the update administrator having to spend hours or days figuring out the correct logic.

Shavlik also downloads all of the patches for you. All the update administrator has to do is select the patches to deploy and add them to an update deployment.


After deployment, the administrator can select the “Published Third-Party Updates” option to see all of the updates that have been deployed. This is also where updates can be expired. Administrators would want to expire an update after it has been superseded, such as expiring version 11.0.1 when version 11.0.2 of Acrobat is released.

Publishing Updates

To publish updates, simply select the updates to be published and click the “Publish Updates” button. Another screen comes up asking when you want to publish. You can either publish them now, making them available to clients, or set a time to publish them.

A setting to pay attention to here is the “Synchronize after publishing selected updates” check box. You will want to check this, as it forces an incremental sync of WSUS. If you do not select it, the updates will not be available until your regularly scheduled WSUS sync time.

Expiring Updates

Once an update has been superseded or is no longer necessary, it should be expired. To expire an update, simply go to the “Published Third-Party Updates” tab, select the updates that you want to expire, and click the “Expire Updates” button. The “Expired” column will change to “Yes”. You can check this by viewing the update in the “All Software Updates” tab.


Shavlik must have a code-signing certificate to function. This can be a self-signed certificate or one issued by a CA. The self-signed certificate can be generated from your WSUS server. If you use a CA-issued certificate, it must be imported into Shavlik by clicking “Settings”, then the “WSUS Server” node. You can also create your self-signed certificate here. The self-signed certificate must be deployed to all of your WSUS servers and clients. This can be done with Group Policy.
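
One way to confirm that the certificate rollout described above actually reached a machine, as an added example (not code from the original post or from Shavlik). The certificate path is a placeholder for your own exported public certificate, and the policy check reflects the Windows Update "Allow signed updates from an intranet Microsoft update service location" setting, which this post does not cover.

```powershell
# Added example: run on a WSUS server or client after the Group Policy rollout.
# Assumption: $CertPath is a placeholder for your exported public certificate (.cer).
param([string]$CertPath = 'C:\Temp\publishing-cert.cer')

function Test-PublishingCertTrust {
    param([Parameter(Mandatory)][string]$Path)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path

    # The certificate must carry the Code Signing EKU (OID 1.3.6.1.5.5.7.3.3).
    # 2.5.29.37 is the OID of the Enhanced Key Usage extension itself.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $codeSigning = [bool]($eku.EnhancedKeyUsages |
        Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' })

    # The chain must end in a trusted root: the certificate itself when it is
    # self-signed, the issuing CA's root otherwise. Revocation checking is
    # skipped so the check also works on machines without network access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainTrusted = $chain.Build($cert)

    # The signing certificate itself must be a trusted publisher on this machine.
    $isPublisher = Test-Path "Cert:\LocalMachine\TrustedPublisher\$($cert.Thumbprint)"

    # The Windows Update Agent installs locally signed content only when this
    # policy value is set to 1.
    $wu = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate' `
        -ErrorAction SilentlyContinue
    $policyOn = ($null -ne $wu) -and ($wu.AcceptTrustedPublisherCerts -eq 1)

    [pscustomobject]@{
        Thumbprint       = $cert.Thumbprint
        Expired          = $cert.NotAfter -lt (Get-Date)
        HasCodeSigning   = $codeSigning
        ChainTrusted     = $chainTrusted
        TrustedPublisher = $isPublisher
        PolicyEnabled    = $policyOn
        # Ready only when every individual check passes.
        Ready            = $codeSigning -and $chainTrusted -and $isPublisher -and $policyOn
    }
}

Test-PublishingCertTrust -Path $CertPath
```

A machine where `Ready` is false will typically detect the published third-party updates but fail to install them, so the individual columns show which part of the rollout is missing.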

Shavlik is a really cool, relatively inexpensive way to handle third-party patch management. More information and a trial can be found at


All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omissions in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.


