Running process-based discovery platform coverage and properties

  • Release version: Yokohama
  • Updated June 5, 2026
  • 1 minute to read

    • Platform coverage identifies which operating systems are supported and what privileges the agent needs for full coverage. The system property controls whether the feature is enabled or disabled.

    Platform coverage

    Coverage depends on the privileges available to the agent on each operating system.

    Table 1. Platform coverage for running process-based discovery
    Platform Default coverage Requirement for full coverage
    Windows Full coverage of all running processes. The ACC service must run as the Local System account. Set the ACC service's Log On As to Local System.
    Linux Limited to processes owned by the agent service account. The agent service account must have permission to query process information for processes owned by other users. The servicenow user must be able to run osqueryi without a password. For more information about servicenow user permissions for osqueryi, see Configure ServiceNow sudoers file.
    macOS Limited to processes owned by the agent service account. The agent service account must have permission to query process information for processes owned by other users. The _servicenow user must be able to run osqueryi without a password. For more information about _servicenow user permissions for osqueryi, see Configure ServiceNow sudoers file.
    Note:
    On Linux and macOS, if the additional privilege is not granted, the feature still runs but discovers directories only for processes owned by the agent service account. The daily scan continues normally on your configured directories. No errors are raised.

    System property

    The following property controls whether running process-based discovery is active. You can configure it from the System Properties page (All > System Properties > All Properties).

    Table 2. Running process-based discovery system property
    Property Default Description
    sn_acc_vis_content.file_discovery.fbd_process_scan_enabled false Primary on/off control for running process-based discovery. When set to true, the agent policy that collects process directories is activated and the daily FBD scan includes process-discovered directories. When set to false, collection stops and the daily scan uses only your configured scan directories.