Enabling collection of additional properties of Windows executables

Available from BigFix Inventory 10.0.1. You can enable the collection of additional properties of Windows executables by running a fixlet. The fixlet changes the configuration of the software scan for BigFix Inventory. When you choose to collect these properties and run the fixlet against a chosen endpoint, the software scan can recognize that additional data must be collected from an endpoint. If you choose to revert this setting, you need to run the fixlet again with collection checkbox disabled.

Before you begin

  • Upgrade BigFix Inventory server to version 10.0.1 or higher.
  • Upgrade the scanner to HCL Scanner using "Install or Upgrade Scanner" fixlet. Upgrade to this scanner is available only if BigFix Inventory is the only exploiter of the scanner. Alternatively, you can use "Install or Upgrade Scanner in private mode on Windows" fixlet.
  • If you upgrade BigFix Inventory from previous version, stop all Initiate Software Scan actions, and re-run the software scan for your endpoints. Post upgrade, BigFix Inventory collects additional information and hence the scan must be restarted.
    Important: This setting must not be enabled for more than 50 000 endpoints.
Perform a test activation on a small group of computers (up to 1000 endpoints) and check its impact on the BigFix Inventory data import. Once you import data for first group, move to the next group. A single group should not have more than 10000 endpoints. If you import data for more or all endpoints at once it would extend significantly duration of Data Import. This activation process is applicable for enabling the collection for the first time as well as all subsequent changes. It is also applicable for disabling the collection.

Impact of enabling data collection

The time taken for initial data import for each 10 000 endpoints after enabling the collection, might be three times longer than usual. For DB2 database, the transaction log usage during data import may increase by 80GB. The time taken for subsequent imports in an environment with 50 000 endpoints will be 25% longer than usual.

If you enable data collection import for DB2 and SQL Server databases, the disc consumption in BigFix Inventory may increase by 25%.

Additional properties are gathered during the software scan and the results are stored on the endpoint. For an average endpoint with 3000 discovered files, an additional 0.5 MB of disk space might be consumed. The additional data is compressed and transferred to BigFix server. So, the disc utilization increases by 1GB for an environment of 50 000 endpoints.

Procedure

  1. Log in to the BigFix console.
  2. In the navigation bar, click Sites > External Sites > BigFix Inventory 10 > Fixlets and Tasks.
  3. In the upper right pane, select Configure Collection of Additional Properties of Windows Executables.

  4. Enable Collect additional properties of Windows executables checkbox.
  5. Click Take Actions.

  6. Select the computers from which you want to collect checksums, and click OK.
  7. Optional: In the navigation bar, go to Analyses, select Additional Properties of Windows Executables Collection Settings, and click Activate. The analysis shows the current status of additional data collection on your endpoints.

Results

Now wait for a new Initiate Software Scan and Upload Software Scan results. Run Data Import in BigFix Inventory. Then you can retrieve additional properties of Windows executables through REST API for raw scanned file data. For more information, refer to Retrieving raw scanned file data.