Our customer environments show a lot of application recognition which is only related to the presence of OUI evidence. This OUI evidence is constantly questioned by the infrastructure teams as the OUI evidence appears as files on a system.
From the best practice guide:
Flexera’s Oracle Inventory, unlike other conventional inventory tools, looks for and reads the OUI registry XML file and will generate installer records for application entries found. On Windows systems, the inventory agent will also identify the edition of installed Databases and other technology products using the data available in the OUI repository. This allows the tool to accurately identify Oracle Database installs on Windows systems, where other conventional inventory tools cannot.
I know from experience that the comps.xml file is read i.r.o. DB options and packs to show what is installed. **Most often the problem here is that there will be multiple backups of these comps xml files in "backup" directories that are also scanned by our agent, thus leading to endless investigations, collections of tracker logs and ndi's to point out where this evidence is coming from.
My questions to the forum, and Flexera, are:
Can you clarify this list of OUI registry xml's that may be read on systems to create this OUI inventory.
What is the default or expected location for each
Can these xml files be exposed in the file evidence per device as "collected registry files"
Inventory agent interrogates inventory.xml and comps.xml, these xml's provide installer evidence for installed components.
Oracle usually take backup these XML and also put them under backup folder and xml's files in the backup folder can lead to obsolete installed component information that was installed at some point but not anymore.
In inventory agent version 2019 R2 and later, a change is made to exclude components XML files under backup folders that will help to automatically exclude evidence collection from backup folders.
For previous version of inventory agent exclude File path scan is good option to exclude them from inventory collection.
FNMS 2019 R2 and later, provide transparency into RAW collected installer, file evidence and WMI by exposing them through inventory device properties. that will help, but evidence collected from XML files comes as installer evidence you would not find path for installer evidence but file evidence.
Hope this information will help to find the appropriate path that will help to mitigate the problem.
At this moment I am facing issues with an customer that has some Oracle False Positives. They see installations with evidence of folders that doesn't exist and they have 2019R2 agent. My suspicion is now that there are some left over on the system with inventory.xml and comps.xml causing these issues. My customer is going to check this.
The big question I have is why does Flexera still use the inventory.xml and comps.xml files for scanning as it looks like this keeps creating false possitives?
