Installing the scanner

The scanner collects hardware information as well as information about files and packages that exist on the computers in your infrastructure. Install the scanner on every computer on which you want to detect software. If you enabled the default scan configuration, the scanner is installed automatically and this configuration is not required.

Before you begin

Before you install the scanner, note the following considerations.

  • Ensure that the BigFix client is installed and running on the computers on which you want to detect software and that the computers are subscribed to the BigFix Inventory v10 site.
  • To install the scanner on a WPAR, you must install it on the LPAR first.
  • 9.2.17 AIX Ensure that on AIX the xlC.rte library version or higher is installed on the target computer.
  • Linux
    • For scanner versions 9.2.17 and 10.0.0, ensure that on Red Hat Enterprise Linux 8.0 is installed on the target computer.
    • For scanner versions and below, ensure that is installed on 32-bit Linux x86 computers.
  • UNIX Ensure that the library is installed on the target computer.
  • Mac OS X Software discovery on Mac OS X does not require installing the scanner nor scheduling regular uploads of scan results. To enable the discovery, it is enough to run the package data scan.

About this task

The scanner can be used by multiple applications. By default, the scanner that is delivered with BigFix Inventory is installed in the single user mode. It means that if it is used by other applications, it must be run by root (UNIX) or SYSTEM (Windows). If any of the applications requires that the scanner is run by a different user, install it in the regular mode. For more information, see: CIT deployed by LMT/BFI 9 by other IBM products.


  1. Log in to the BigFix console.
  2. In the navigation bar, click Sites > External Sites > BigFix Inventory v10 > Fixlets and Tasks.
  3. In the upper right pane, select Install or Upgrade Scanner.
  4. 9.2.5 Select the installation directory. You can choose the default directory, or an alternative one. In the latter case, the scanner is installed in the same path as the BigFix client.
    Note: The setting applies only to new installations, you cannot change the path if you are upgrading the existing scanner.
    Scanner installation directory
  5. Click Take Action.
  6. Select the computers on which you want to install the scanner, and click OK.
    The image shows how to select computers on which to install the scanner.
    Tip: To ensure that the action is applied on all computers that are added in the future, select Dynamically target by property.


You installed the scanner on the computers in your infrastructure. To view information about the installed scanner, for example its version, activate the Scanner Information analysis, and open the Results tab.

What to do next

After you install the scanner, schedule software scans.

Installing or Upgrading the scanner in a private mode

About this task

Private scanner installation mode allows to install BigFix Inventory private CIT instance that does not share any resources with global CIT installation made by other CIT exploiters.

The task installs CIT binaries in <BES Client>\LMT\CIT\scanner directory, but without registering the instance in CIT global files (no cit.ini or other global CIT configuration files).

In case when there is a global CIT with SUA exploiter already installed, the SUA exploiter will be uninstalled from the global CIT and upgraded to the private version.

The following custom CIT settings will be moved to the private mode:
  • CIT trace log level
  • maximum size of trace files
  • maximum number of trace files
Note: The 'custom cache location' CIT setting is not moved to private mode.
Settings, such as ‘list of the excluded directories’, that are available at <BES Client>\LMT\CIT directory remain unchanged while moving to the private mode.

The installation requires at least 70 MB of free disk space on the drive where BigFix client is installed. The private installation mode is available currently for Windows platform only.

To check the version of the scanner that is currently installed on the endpoints, activate the analysis: Scanner Information. The scanner that is installed in the private mode would have exploiter 'BFI Private'.

Note: Automatic catalog propagation will not work automatically with the scanner installed in the private mode up to BigFix Inventory version

To make it working you have to update the Catalog Download fixlet templates in the BFI server using 'Update Catalog Download fixlet templates on BFI server' fixlet.


The Install or Upgrade Scanner fixlet uses an executable that by default runs directly from the /var directory, a partition on the endpoint. If you choose to install the scanner in another location, specifically under the BESClient directory in '/var', and then add the 'noexec' restriction after the scanner installation, it can cause issues with scanning fixlets as well. The fixlets will not work when '/var' is set with the noexec option. Therefore, ensure that '/var' directory is not set with the noexec option.
If /var is set to noexec, take one of the following actions:
  • Remove the noexec mount option.
  • Move /var/opt/BESClient to a different partition, which is not noexec, and create a symbolic link to it in its place.
Note: There is a fixlet available to move the BESClient and create symbolic links. To know more about the fixlet, refer to