ISMP Evidence Showing Up (when we don't use ISMP)?
Investigating a potential false positive on Apache log4j. The reported evidence type is ISMP (InstallShield Multiplatform) coming from the FlexNet Agent, as the only source reporting (we also co-run BMC Discovery on these servers). The odd thing about this is that our organization doesn't use Installshield.
In checking Discovered Evidence, I note a total of 70 Installer Evidence reporting under ISMP (out of over 33,000). This makes me wonder under what conditions FlexNet utilizes ISMP to classify Evidence Type. Is this some kind of default? Again, we're not running this kind of package installation technology.
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
ISMP is used by many software publisher to package their own applications. Therefore, in the process of installing software you may be creating ISMP Evidence as the packages you are running from the publishers are using ISMP to install the primary package and/or different components.
InstallShield Multiplatform evidence details will typically be gathered from files named "vpd.properties" or "vpd.script" that exist on computers that the FlexNet agent has gathered inventory from.
To restate @kclausen's comments, if you see installer evidence of the type "ISMP" in your organization that is indicating the developers of software installed on your computers have likely used InstallShield Multiplatform. This isn't determined by whether your own organization uses that product for developing software installers.