Re: ISMP Evidence Showing Up (when we don't use ISMP)?

sissonr · ‎Dec 20, 2021

Investigating a potential false positive on Apache log4j. The reported evidence type is ISMP (InstallShield Multiplatform) coming from the FlexNet Agent, as the only source reporting (we also co-run BMC Discovery on these servers). The odd thing about this is that our organization doesn't use Installshield.

In checking Discovered Evidence, I note a total of 70 Installer Evidence reporting under ISMP (out of over 33,000). This makes me wonder under what conditions FlexNet utilizes ISMP to classify Evidence Type. Is this some kind of default? Again, we're not running this kind of package installation technology.

kclausen · ‎Dec 20, 2021

ISMP is used by many software publisher to package their own applications. Therefore, in the process of installing software you may be creating ISMP Evidence as the packages you are running from the publishers are using ISMP to install the primary package and/or different components.

ChrisG · ‎Dec 20, 2021

InstallShield Multiplatform evidence details will typically be gathered from files named "vpd.properties" or "vpd.script" that exist on computers that the FlexNet agent has gathered inventory from.

To restate @kclausen's comments, if you see installer evidence of the type "ISMP" in your organization that is indicating the developers of software installed on your computers have likely used InstallShield Multiplatform. This isn't determined by whether your own organization uses that product for developing software installers.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)