Determining Patch Status

Security Controls performs a detailed analysis of each scanned machine to accurately determine its patch status. Unlike other patch management systems, the Security Controls engine goes far beyond the traditional patch detection mechanisms that rely solely on the presence of registry keys.

For Security Controls to determine if a specific patch is or is not installed on a given computer, two items are typically evaluated:

  • The registry keys that are installed by the patch
  • The file versions for all files installed by the patch

Security Controls compares file versions in the data definition file to the files versions on the computer that is being scanned. If any of the file versions on the scanned computer are less than those stored in the data file, the associated security patch is identified as not installed and the results are displayed on the screen. Specific details about why a patch is considered not installed are also displayed.