Patching operating systems is a common practice, but 86 percent of vulnerabilities are found in third-party software. Surprisingly, in today’s hazardous computing environment, patch management is far from being a “solved” problem.

Ivanti Patch for SCCM, powered by Shavlik, maximizes your organization’s investment in SCCM to reduce security risks from unpatched non-Microsoft third-party applications. Keep your risk low and your software up-to-date without adding unnecessary infrastructure or cost.

Reduce Risk and Increase Security with Patch for SCCM

Avoid being the next security disaster headline by reducing vulnerabilities and risks in your infrastructure. Ivanti Patch for SCCM closes the application-patching gap by extending SCCM’s patching capabilities to include third-party application patching.

Applications now represent a greater risk to the network than the OS. Patch for SCCM reduces the risk created by applications by patching hundreds of popular vendors and applications, including Adobe (Reader), Apple (iTunes), Oracle (Java), Google (Chrome), Firefox, and many more. Update even the most difficult applications including Java and Google Chrome.

With Ivanti’s years of experience patching applications in the enterprise, you gain the most accurate pre-tested patch data, enabling you to patch third-party applications instantly. Ivanti only gives you the patch install needed for your enterprise software. Patches run silently, provide you only the enterprise version of the software update, and skip the toolbar installation. And you don’t have to rely on end users to patch individual applications.

Maximize your SCCM Investment

Patch for SCCM expands SCCM to include application patching but doesn’t require additional platforms or processes. The integrated, intuitive plug-in for the SCCM console lets you define and deploy application updates from within SCCM and leverage existing workflows.

Patch for SCCM decreases significantly the amount of time taken between patch availability and deployment. As more applications are added to the environment, you devote more and more time just keeping the systems up-to-date. Patch for SCCM eliminates many of the manual steps normally taken to define third-party application patches in SCCM for workstations and servers, making IT immediately  productive.

Patch for SCCM, coupled with the SCCM framework, gives you the flexibility to report on patching compliance. With the reporting capabilities already built into SCCM, you gain significant visibility into the patching process to remain compliant.

Reduce Complexity but Avoid Adding Infrastructure and Cost

You’ve already spent a lot of time and money installing SCCM, so don’t break it. Why add additional infrastructure  or consoles? The native integration of Patch for SCCM employs the same workflows used to patch the OS in SCCM to push out third-party application updates.

With the solution’s easy-to-use plug-in interface for SCCM, you employ the same process, motion, and infrastructure already built into SCCM, reducing the number of steps to create application updates. In addition, the solution’s simplified approach to patching third-party applications within SCCM requires no expensive consultants or additional services.

Patch data is loaded from the Ivanti Cloud and users can view patch information instantly from within SCCM. You can manually click to deploy patches through SCCM software update packages, or combine Patch for SCCM automation with SCCM automatic deployment rules for full third-party update automation.


  • Ability to patch hundreds of the most popular applications, including those difficult to install
  • Integrated plug-in for the SCCM 2012 console
    • Searchable view of available patches
    • Select patches to publish and expire
    • Smart filtering of patches based on multiple criteria— vendor, product, Information Assurance Vulnerability Alert (IAVA) number, etc.
  • Customize patches to comply with company policies
  • Check for and download new patch data automatically
  • Publish new patches automatically, filtered based on business requirements
  • Publish patch metadata separately for compliance, audit, or pre-deployment screening
  • Expires a superseded patch with the new version Delete or republish updates
  • Auto-detect Windows Software Update Server (WSUS)
  • View and manage all products published to WSUS
  • Digital certificate management—re-authorize expired certificates
  • Localized in 10 languages for international support
  • Supports authenticating proxies
  • Supports disconnected networks
  • Installation is easy, fast, and verifies SCCM configuration


For system requirements, visit::