Agent Client Collector File-Based Discovery
Summarize
Summary of Agent Client Collector File-Based Discovery
Agent Client Collector File-Based Discovery (FBD) enables ServiceNow customers to scan file systems on managed endpoints to discover installed software and maintain file inventories. It operates as a lightweight background process within the existing Agent Client Collector agent and is fully configured and managed from the ServiceNow instance. Administrators specify directories, file criteria, and scan frequency. Discovered files and their metadata—such as name, path, size, and version—are sent back to the instance and stored in the CMDB and relevant application tables.
Show less
Activation and Configuration
To activate FBD, use the Discovery Configuration Console within ServiceNow and enable the File Based Discovery toggle. Detailed configuration options and system properties are available to customize FBD behavior.
Supported Platforms and Required Plugins
- Supported operating systems: Windows, Linux, macOS
- Required plugins:
- File-based Discovery (com.snc.discovery.filebaseddiscovery)
- Software Asset Management - File Signature Normalization (com.snc.filesignaturenormalization) — activates automatically with File-based Discovery
- Agent Client Collector - Visibility Content (snaccviscontent)
- Software Asset Management Professional (com.snc.samp)
Delta Scanning
Delta scanning optimizes performance by minimizing data sent during repeat scans for the File Management policy. It works by saving a fingerprint of file paths and sizes on the endpoint after the initial full scan, then reporting only added, modified, or deleted files on subsequent scans. A full scan is forced periodically (default every 5 delta scans) to maintain accuracy. Note that delta scanning does not apply to SAM or SWID policies, which always perform full scans.
Archive File Scanning
Archive file scanning allows the agent to inspect ZIP and JAR files to discover software artifacts inside these archives without extracting file contents. This feature is disabled by default and can be enabled by setting the snaccviscontent.filediscovery.archivescanenabled property to true (requires discoveryadmin role). The agent reads archive indexes to collect metadata about contained files, applies the same filtering rules as for regular files, and reports discovered files accordingly. This enhances visibility into packaged software components while maintaining performance safeguards.
Agent Client Collector File-Based Discovery (FBD) scans file systems on managed endpoints to discover installed software and track file inventories.
FBD runs as a lightweight background process within the existing Agent Client Collector agent. It is configured and controlled entirely from the ServiceNow instance. Administrators define which directories to scan, which files to look for, and how often to scan. The agent discovers matching files, collects metadata such as name, path, size, and version, and sends the results back to the instance where they are stored in the appropriate CMDB and application tables.
For details on the FBD configuration and system properties, see Agent Client Collector File-Based Discovery properties.
Supported platforms
FBD supports the following operating systems:
- Windows
- Linux
- macOS
Required plugins
The following plugins are required for File-Based Discovery on Agent Client Collector:
- File-based Discovery (com.snc.discovery.file_based_discovery)
- Software Asset Management - File Signature Normalization (com.snc.file_signature_normalization) — Activated automatically once the File-based Discovery plugin is active
- Agent Client Collector - Visibility Content (sn_acc_vis_content)
- Software Asset Management Professional (com.snc.samp)
Delta scanning
Delta scanning is a performance optimization that applies only to the File Management policy. It reduces the volume of data sent from the endpoint to the instance on repeat scans.
The delta scanning process works as follows:
- First scan — A full scan runs. All matching files are sent to the instance. A fingerprint, which is a snapshot of all discovered file paths and sizes, is saved locally on the endpoint.
- Subsequent scans — The scanner compares the current file list against the saved fingerprint and reports only the differences:
- Added — files that exist now but were not in the previous fingerprint
- Modified — files that exist in both but with a different size
- Deleted — files that were in the previous fingerprint but no longer exist on disk
- Periodic full scan — After a configured number of delta scans (default: 5), a full scan is automatically forced to verify accuracy and correct any drift.
Archive file scanning
Archive file scanning extends file-based discovery to inspect ZIP and JAR archive files and report the files contained within them. This enables discovery of software artifacts such as executables and libraries that are packaged in the ZIP or JAR files on the endpoint.
Archive file scanning is disabled by default. To enable it, set the sn_acc_vis_content.file_discovery.archive_scan_enabled property to true. This property requires the discovery_admin role to modify.
When archive file scanning is enabled, the agent inspects each ZIP or JAR file encountered during a directory scan. The agent reads the archive's internal index to enumerate the files inside. No file content is extracted or decompressed. Only metadata is collected.
For each file found inside an archive, the agent applies the same filtering rules used for regular files on disk, including SAM allowlist and File Management extension rules. Files that pass the filters are reported alongside other discovered files.
For filtering rules and performance safeguards, see Archive file scanning filtering rules and limits.