Types of software scans

The scanner can search for different types of information to determine whether the software is installed or to measure its usage. Generally, all types of scans should be run regularly. However, you can choose to run different types of scans at different times or distribute the scan schedule over the computers in your environment to improve the performance of the import process.

Software discovery

Catalog-based scan

In this type of scan, the BigFix server creates scanner catalogs that are sent to the endpoints. Based on those catalogs, the scanner discovers exact matches and sends its findings to the server. Scanner catalogs do not include signatures that can be found based on the list of file extensions nor entries that are irrelevant for a particular operating system.

File system scan

In this type of scan, the scanner uses a list of file extensions to check whether any files with those extensions exist on the endpoints. Then, it returns the findings to the BigFix server where the discovered files are compared with the software catalog. If a particular file matches an entry in the catalog, the software is discovered.

Collecting executable files based on application usage

9.2.8 Linux Solaris Starting from application update 9.2.8, the file system scan additionally reports files that are based on processes that have been run on the computers in your infrastructure, regardless of their extension. To view these files, you need to meet the following criteria:
  • The BigFix server and client are in version 9.5.5 or higher.
  • The operating system is Linux or Solaris.
  • Application Usage Statistics analysis is activated.
The reported files, with supplementing information such as path and size, are available on the Scanned File Data report and can be used to create custom discovery and use signatures for software components. If the process has been active at least once since the feature was turned on and the associated file exists on the computer, this file is displayed on the report.

This feature is enabled by default. To stop collecting information about the files, run the Disable Collecting Executable Files Based on Application Usage fixlet. In case you need to reactivate this feature, run the Enable Collecting Executable Files Based on Application Usage fixlet.

Note: Checksums collection (MD5 and SHA-256) for these files is not supported.

Outputs of the file system scan

The scan generates two outputs: full file system scan and delta file system scan. The former contains information about all files that were discovered on the endpoint. The latter contains information only about files that changed between the last two full file system scans. Both outputs are generated during every scan and uploaded to the BigFix server. However, only one of them is imported to BigFix Inventory.

Delta file system scan is imported to BigFix Inventory in the first place to improve the import performance. Full file system scan is imported instead of the delta scan in the following cases:
  • The file system scan is run on the endpoint for the first time
  • The BigFix client was reinstalled on the endpoint
  • The delta file system scan is larger than one third of the full file system scan
  • The endpoint does not meet the prerequisites for generating the delta scan. If any of the prerequisites are not met on an endpoint, check the BES_Client\LMT\CIT\delta.log file for more details.
    • UNIX sed, diff, wc, tar, gzip, expr
    • Windows VBScript interpreter
Package data scan
In this type of scan, the scanner searches the system registry to gather information about Windows™ and UNIX™ packages that are installed on the endpoints. Then, it returns the findings to the server where the discovered packages are compared with the software catalog. If a particular package matches an entry in the catalog, the software is discovered.
Software identification tags scan

In this type of scan, the scanner searches for software identification tags that are delivered with software products. Then, it returns the findings to the BigFix server where the tags are processed. Based on the information that they contain, the software is discovered.

Additional scan capabilities

Application usage statistics

In this type of scan, the scanner gathers information about processes that are running on the endpoints. Then, it returns the findings to the BigFix server where the data is translated into usage statistics.

The usage data is first collected when the BigFix client is installed on an endpoint, and an application usage statistics is enabled. The statistics are displayed on the Metering Data report. When the processes are matched against usage signatures from the software catalog, or custom usage signatures, the statistics are available on the Software Classification panel.

9.2.11 Starting from application update 9.2.11, BigFix Inventory additionally collects application usage data in a new format.

Remember: By default, the usage scan is scheduled to run weekly to avoid performance issues. If you want to collect software usage on a daily basis, run the usage scan daily.
Resource utilization scan
In this type of scan, the scanner searches for software license metric tags that contain information about types of licenses that can be used by a product and their usage. The scanner returns its findings to the BigFix server where the tags are processed. Based on the information that they contain, the maximum usage of license metrics over the last 30 days and its trend value are calculated. For more information, see: Raw utilization of license metrics.
Tip: The scan collects information about license metrics that are reported by products which implemented the ISO/IEC 19770-4:2017 standard. Because the volume of the collected data might be large, do not run this scan if you do not want to monitor these metrics.
9.2.13 User information
In this type of scan, the scanner collects information about users of the specific software products that help calculate the usage of some license-based products. The results are shown on the All Metrics and Software Users reports. For more information, see: Available reports.