what kind of executables are stored in cmdb_running_process table?

Fernando Gois
Tera Contributor

‎07-14-2017 01:31 PM

What kind of executables are stored in cmdb_running_process table?

we have a vendor requesting us to scan windows servers for specific executables. So I am wondering if I could user cmdb_running_process to extract the information they are requesting.

Is this table storing all executables I see under \Program Files and 'Program Files(x86)? Basically what is the criteria that the ServiceNow out of box discovery does to write to this table? For windows.......

Thanks.   Fernando.

0 Helpfuls
  • 2,086 Views
4 REPLIES 4

sachin_namjoshi
Kilo Patron
Kilo Patron

‎07-14-2017 04:46 PM

Hi,



Following information is collected by discovery for windows on cmdb_running_process table.



http://wiki.servicenow.com/index.php?title=Data_Collected_by_Discovery_on_Windows_Computers#gsc.tab=...



You can get executable information in command field on this table. Please check sample screenshot below



find_real_file.png



Regards,


Sachin


Preview file
43 KB
0 Helpfuls

Fernando Gois
Tera Contributor
In response to sachin_namjoshi

‎07-19-2017 01:42 PM

Thank you Sachin. I am aware of that WIKI article.



What I am looking for is if Discovery is applying some "criteria" on which executables to store in cmdb_running_process table table?



For example, there is an executable 'DVDMaker' stored in this path in my own machine: C:\Program Files\DVD Maker\DVDMaker.exe



This entry is not found in the table? But there are other executables from my machine store in the table.



Could it be that Discovery is just adding to the tables the "processes" running in my machine at the moment of Discovery? In other words, the processes/services we are able to see via Task Manager? Like in the print shot below?


find_real_file.png


Thanks.


Preview file
45 KB
0 Helpfuls

cyked
Mega Guru
In response to Fernando Gois

‎08-15-2017 10:06 PM

Discovery will populate cmdb_running_process with any running process on a host at the time of discovery (i.e task manager on windows).   If DVDMaker is not running when you discover your machine don't expect it to show up on the running process table.


0 Helpfuls

ScienceSoft
Tera Guru

‎11-20-2018 05:13 AM

Hello Fernando,

you may find these processes if you righ click on "My Computer" icon an select Manage.

find_real_file.png

After that pease select Services - you will see the complete list of services. These are being found by Discovery.

find_real_file.png

Preview file
34 KB
Preview file
210 KB
0 Helpfuls