Testing using BigFix Console

The 'Test CIT Signature fixlet' allows you test custom signatures on selected endpoints, to discover if there is any match. For creating custom signatures refer to Extended signature templates.

About this task

Prepare a valid CIT signature in the XML format, like the signatures shown in the templates.
Important: This task is relevant if both 'Initiate Software Scan' and the 'Upload the Scan Results' fixlets complete at least once on selected endpoint. Software scan cannot be running when you want to perform CIT signature test.
To run the fixlet, perform these steps:
  1. Log in to the BigFix console.
  2. Go to Sites > External Sites > BigFix Inventory v10 > Fixlets and Tasks.
  3. Select Test CIT Signature.
  4. In the 'Enter a single valid CIT signature' field, paste the signature. Enter only one signature.

    Fixlet validates if the XML structure is correct, but it does not check the validity of the signature. If XML structure is incorrect, the fixlet will show an error with information about the problem and the line where it is located. The signature should not include <signature> and <xml> tags.

    Only local drives are scanned on the selected computers. For information about scanning shared disks, see: Discovering software on shared disks.

  5. To enable scanning of shared disks in basic mode, select 'Scan remote shared disks'. The basic mode is advised for environments where a single shared disk is mounted on a single computer or a few computers.

    This action uses the same CPU threshold, included and excluded directories as 'Initiate Software Scan' fixlet that is executed on this endpoint.

  6. To start the scan, click Take Action.
  7. Select the computers on which you want to initiate the scans and click OK to proceed.

Starting the action sends signature to the endpoint, where it creates custom catalog and performs software scan. Fixlet runs until results are ready, unless the time of execution exceeds 15 minutes. You can edit the timeout settings. See also, Timeout setting.

When fixlet completes, scan results are available on the endpoint at BESClint/LMT/cit_signature_test folder and compressed archive is available on BES Server in location: BES Server \UploadManagerData\BufferDir\sha1\<last 2 digits of computer id>\<computer id>\signatureTest_<computer_id>.

Result files:
  • Scan results are available in <computer_id>_cit.xml file, where a list of matches is found. If there are no matches, there is no data between <MatchedSignatures></MatchedSignatures> tags.
  • <computer_id>_citlog.log contains logging information from the scan
  • <computer_id>_citlog.xml contains signature warnings, if there is anything wrong with the signature, a warning appears
  • <computer_id>_catalog.xml contains tested signature
  • catalog_scan_status.info contains information if scan was successful, 1 for yes, 0 for no
  • last_catalog_scan_success.info contains date of the last successful scan
  • cit_test_sw_config.xml contains configuration for the scanner
  • runcit_sw.bat / runcit_sw.sh
  • set_shared_disk_scan.sh