• United States
Neal Weinberg
Contributing writer, Foundry

Shavlik Technologies’ HfNetChk Pro

Mar 18, 20033 mins
NetworkingPatch Management SoftwareSecurity

* The Reviewmeister takes a look at the enterprise version of HfNetChk

When it comes to patch management tools, there are two kinds – those that attach agents to every desktop and those that don’t rely on agents. This week, we tackle the agent-less products.

HfNetChk Pro is the enterprise version of the popular HfNetChk tool that Microsoft distributes. Enterprise-level features include a management GUI and the ability to push patches out to systems. HfNetChk Pro, an agentless product, installs on a Win NT, 2000 or XP system, requiring no additional software on the target machines.

Installation takes only minutes. System requirements include Microsoft Data Access Components (MDAC) 2.6 SP2 or later, Windows Installer Version 2.0, XML Parser 3.0 SP2 and Jet 4.0 SP3. If any of these components are missing, the installer informs you and provides a link to the Microsoft site to access them.

HfNetChk Pro uses the base HfNetChk engine, which is based on the XML and cabinet (CAB) files that Microsoft maintains, to determine which patches are installed and which are missing from the system. A CAB file is a Microsoft file type used to compress files for distribution. Shavlik also has added its own information pertaining to patches and vulnerabilities in MDAC and Java Virtual Machines. When checking for missing patches, HfNetChk Pro uses a combination of checks, including file versions, checksums and registry keys. If any information is incorrect, HfNetChk will let you know in its reports.

The HfNetChk Pro ships with a command-line facility, but its GUI is the best of the products we reviewed – very intuitive and easy to use. An excellent scan configuration wizard is included. Stepping through the wizard to create a scan, you have the option to scan one machine, one domain, multiple machines, multiple domains, IP address ranges or a variation thereof. You can create a text file listing what should be scanned and import that data into HfNetChk. Scans can be named and listed in the favorites section of the program, which is used to store frequently used scans, for easy launching. Scans also can be scheduled to run periodically.

For scan options, HfNetChk can report on necessary (or required) patches and/or explicitly installed patches. Administrators also have the option of scanning only for patches from Windows Update, the free patch service that Microsoft provides. You also can set thread settings that control how much network traffic the product creates. Of course, the less traffic created, the longer the scan time.

HfNetChk Pro did a good job scanning the network. It quickly identified all the servers in the domain. Scans also took a short amount of time, running about 2 minutes for our five servers.

Patch deployment can be performed with a mouse click. One patch can be deployed to all necessary systems, or all patches required on a single system can be deployed. The patches are downloaded from Microsoft and stored in the selected location.

The patch to be installed will be copied to the target machine and installed at the scheduled time. System reboots can be controlled, as can shutting down SQL or IIS server, backing up files for uninstall or using quiet mode for installation. For the full report, go to