3 weeks ago
Hello,
We have the below use cases from our SAM stakeholders, which I think can be delivered through File-Based Discovery (FBD).
1. Discovery of installed software that cannot be discovered by agent with SAM policies
2. Detection of file paths for installed software, which assists in building a package for removal of installed software if it's not software authorized by the organization.
3. Determining residual files of an uninstalled software. This is to avoid traces of any unauthorized software once it was removed from user machine.
4. Detecting cracked software & keygens
To deliver the above use cases, we have configured FBD to scan the entire C & D drives on end-user laptops & desktops for file types like .jar, .amd64, .bin, .exe, .zip, & .dll. However, this has resulted in an exponential rise in the cmdb_file_information table.
As a lesson learnt, we removed .dll from the scan & excluded C:\windows & temp folders from the scan.
Now, the reason I am reaching out is to understand how to get the maximum installed software from a user machine with a limited file scan, so we do not unnecessarily overload the cmdb_file_information table, which affects the performance of our ServiceNow platform.
Note:
File extension scan expected by our SAM stakeholders for the above-mentioned use cases. This is more than what we have currently configured.
.jar, .amd64, .dll, .bin, .msi, .app, .sh, .lic, .swidtag, .exe, .zip
3 weeks ago
Hi @Shreesh Hanaba1 ,
As you already mentioned, the FBD results are linked with the setup of files and folders to scan. ServiceNow themselves manage a whitelist of about 27.000 files to be imported based on the default setting without any extensions added. On top, you can increase the coverage by adding extensions to the whitelist, and all files in the defined folders are scanned - this will end up in an "overload" of the table and DB.
Back to your question, it's not possible to scope as requested. If you cannot define the scope of a specific folder and files, you have to whitelist the file extension, e.g., .exe, and set the folder scan to the full C drive.
Second, each scanned file has a fingerprint based on name, size and version. If this hash does not exist in the content library, you have to create a file mapping for each record to get it normalized as part of the next scan and linked to a sw install record (file_maps).
Of course, based on the raw data (file name, path, …) you can identify potential risks, but you need a normalized file scan record linked to a sw install to benefit from reclamation candidates etc.
Hope this helps, best, Dennis
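One way to size the scope before changing the FBD configuration, as an added example that is not part of the thread and not ServiceNow code: run it on one representative endpoint to see how many files each candidate extension and each top-level folder would contribute. The name/size/version key only approximates the fingerprint described in the reply above (it is not ServiceNow's actual hash), and the variable names and the `$env:TEMP` exclusion are assumptions.

```powershell
# Added example: estimate file volume per extension and per top-level folder.
# Roots, extensions and exclusions mirror the thread; adjust to your environment.
$Roots      = @('C:\', 'D:\')
$Extensions = @('.jar', '.amd64', '.dll', '.bin', '.msi', '.app', '.sh',
                '.lic', '.swidtag', '.exe', '.zip')
# Assumption: "temp folders" is modelled as the current user's %TEMP%.
$Exclude    = @('C:\Windows', $env:TEMP) | Where-Object { $_ } |
              ForEach-Object { $_.TrimEnd('\') + '\' }

$extSet = [System.Collections.Generic.HashSet[string]]::new(
    [string[]]$Extensions, [System.StringComparer]::OrdinalIgnoreCase)

# Collect matching files, skipping unreadable folders and excluded prefixes.
$files = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $path = $_.FullName
            $extSet.Contains($_.Extension) -and
            -not ($Exclude | Where-Object {
                $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) })
        }
}

# Per extension: raw file count versus distinct name/size/version combinations.
$files | Group-Object { $_.Extension.ToLowerInvariant() } | ForEach-Object {
    $keys = $_.Group | ForEach-Object {
        '{0}|{1}|{2}' -f $_.Name.ToLowerInvariant(), $_.Length, $_.VersionInfo.FileVersion
    } | Sort-Object -Unique
    [pscustomobject]@{
        Extension               = $_.Name
        Files                   = $_.Count
        DistinctNameSizeVersion = @($keys).Count
    }
} | Sort-Object Files -Descending

# Heaviest top-level folders: candidates for exclusion or for a targeted scan path.
$files | Group-Object { ($_.DirectoryName -split '\\')[0..1] -join '\' } |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count, Name
```

Extensions with a high file count but few distinct combinations are mostly duplicates, while a large distinct count suggests many records that would each need a file mapping.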
