Highlighted
Flexera beginner

Anomalies with endpoint scans

Hi all...

First time poster. We have introduced Flexera Software Vulnerability Manager to our environment and hoping someone can help me or advise who I should contact. 

When we go through are scan results we are noticing some anomalies.  For instance we have a number of endpoints reporting they have a licensed product Adobe photoshop but the program does not exist on the machine.  We have a good example here where it has reported the last scan on the endpoint was 14 hours ago however this machine has been offline for 11 days. 

Note: we are running agentless, if that matters.

Any ideas?

Thanks,

Gerry

0 Kudos
3 Replies
Highlighted
Flexera
Flexera

Re: Anomalies with endpoint scans

HI Gerry

Thank you for your community posting.

Could I ask if you are using SCCM Inventory import? If you are using SCCM import SVM will report based on the last inventory scan for the machine which could still show a machine that has been offline for days as it will take the last inventory.

We would recommend deploying the agent as this gives a more accurate scan.

Regards

Simon Edwards
Senior Technical Support Engineer
SVM SUpport

 

Simon Edwards
Senior Technical Support Engineer
SVM Support
Highlighted
Flexera beginner

Re: Anomalies with endpoint scans

Thanks for responding Simon.


Sorry, but my team members are very new to this environment. How can we confirm this?

Thanks,

Gerry

 

0 Kudos
Highlighted
Flexera
Flexera

Re: Anomalies with endpoint scans

Hi Gerry

The easiest way for you to confirm the difference between SCCM Inventory import scans and using the agent, is to run the agent on an affected machine and compare.

Firstly make a note or export a report on the affected machine first from the SVM Console, then download the agent with Token to the affected machines desktop from the SVM Console and using a command prompt as an administrative user run the CSIA.EXE from the command prompt, using the following command   csia.exe -c -v -v -v -d "c:\scanlog.log"  This will perform a scan with verbose logging.  The logging will show all of the software detections and their file paths.

You can then compare the scanlog against the report you produced earlier.

Regards

 

Simon Edwards
Senior Technical Support Engineer
SVM Support

Simon Edwards
Senior Technical Support Engineer
SVM Support