CA Client Automation

  • 1.  CA ITCM and heuristic software definition

    Posted Jun 09, 2011 04:55 AM
    Hello everybody,

    A supplier implemented ITCM for us; however, we are not able to get full support and delays are too long.
    Therefore we are looking for help on the internet.

    I hope this is the right place for that; if not, sorry.

    We manage almost 1300 computers (laptop / desktop) using CA ITCM.
    We are at 99.5% using Windows systems for those stations.

    While analyzing Heuristic Software Definitions, several questions appeared:

    1. Some heuristic SW definitions show a path value <not reported>.
    What does it mean? Are those signatures real or is it just a bug?

    2. Some heuristic SW definitions show a path value, however without any EXE file in the path (whereas some others do).
    What does it mean? Can we say those signatures/definitions are correct?
    Adobe Acrobat Reader raises such an issue, as does Microsoft Office.
    For example:

    Acrobat Reader has a signature/definition like this:
    signature name: Adobe Reader - 9.1.0.2009022700
    path : C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

    But it also has:
    signature name: Adobe Reader 9.1 - Slovak - 9.1.0
    path : C:\Program Files\Adobe\Reader 9.0\Reader\

    and:
    signature name: Adobe Reader 9 - 9.0.0
    path: C:\Program Files\Adobe\Reader 9.0\Reader\

    So how should we understand those signatures?

    There is a similar situation with Microsoft Office.
    signature name: Microsoft Office Visio Professional 2007 - 12.0.6425.1000
    path: C:\Program Files\Microsoft Office\

    and
    signature name: Microsoft Office Visio - 12.0.6423.1000
    path: C:\Program Files\Microsoft Office\Office12\VISIO.EXE

    If we do a report on MS Visio, users having such signatures will have "like" 2 licenses for Visio: once as "Microsoft Office Visio Professional 2007 - 12.0.6425.1000" and another time as "Microsoft Office Visio - 12.0.6423.1000", as the first signature is based only on the path and not on the pair "path + EXE file".

    So how does it really work?

    Thanks a lot.

    Alain


  • 2.  RE: CA ITCM and heuristic software definition

    Broadcom Employee
    Posted Jun 09, 2011 05:22 AM
    Hi Alain

    Are you running both Heuristic and signature scans?

    They are very different.

    Signature scans use the CA supplied and/or Customer defined signatures to detect the installed applications.

    Heuristic scans scan the Windows Add or Remove Programs database, MSI database and shortcuts in the desktop and start menu for the installed applications.

    If you are running both, this can give multiple reports for one application.
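
A way to flag the double counting discussed in this thread, as an added example that is not part of any post and is not CA's code: it pairs folder-only definitions with file-based definitions in the same install tree. The (name, path) record layout, the name-prefix rule and the Word control record are assumptions; the other records are the ones quoted in the first post.

```python
import re
from ntpath import normpath, splitext  # Windows path rules on any OS

# Constructed sample: (definition name, path) pairs typed in from the first post,
# plus one constructed Word record as a control that must not be matched.
DEFINITIONS = [
    ("Adobe Reader - 9.1.0.2009022700",
     "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe"),
    ("Adobe Reader 9.1 - Slovak - 9.1.0",
     "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\"),
    ("Adobe Reader 9 - 9.0.0",
     "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\"),
    ("Microsoft Office Visio Professional 2007 - 12.0.6425.1000",
     "C:\\Program Files\\Microsoft Office\\"),
    ("Microsoft Office Visio - 12.0.6423.1000",
     "C:\\Program Files\\Microsoft Office\\Office12\\VISIO.EXE"),
    ("Microsoft Office Word - 12.0.0.0",  # constructed control record
     "C:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"),
]

BINARY_EXTS = {".exe", ".dll", ".com"}

def product(name):
    """Drop the trailing ' - <version>' so names can be compared."""
    return re.sub(r"\s+-\s+[\d.]+$", "", name).strip().lower()

def kind(path):
    """'file' if the path names a binary, 'dir' if it is folder-only, else None."""
    if not path or path.startswith("<"):      # e.g. "<not reported>"
        return None
    return "file" if splitext(path)[1].lower() in BINARY_EXTS else "dir"

def likely_duplicates(definitions):
    """Pair each folder-only definition with file-based ones it probably repeats."""
    files = [(n, normpath(p).lower()) for n, p in definitions if kind(p) == "file"]
    pairs = []
    for name, path in definitions:
        if kind(path) != "dir":
            continue
        folder = normpath(path).lower() + "\\"
        for file_name, file_path in files:
            # Same install tree and the folder-only name extends the file-based name.
            if file_path.startswith(folder) and product(name).startswith(product(file_name)):
                pairs.append((name, file_name))
    return pairs

if __name__ == "__main__":
    for folder_def, file_def in likely_duplicates(DEFINITIONS):
        print(f"{folder_def!r} may double-count {file_def!r}")
```

Pairs it reports are candidates for review before a license report is trusted, not proof that two definitions describe the same install.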


  • 3.  RE: CA ITCM and heuristic software definition

    Posted Jun 09, 2011 05:49 AM
    Hi Richard,

    Yes, both, but according to the supplier it's not the best practice to use CA definitions and it's better to use heuristic and custom signatures.
    Both are based on a full files scan 1x a week and 1 per day scans (heuristic + signature based).

    What you wrote makes sense to me; however, we were told that heuristic scans alone do not cover SW detection at 100%... so we listened to the supplier :-)

    Basically, when we check SW signatures/definitions, we filter on heuristic source ONLY, and even like that we have this issue.

    To what do SW signatures without an EXE, DLL or COM file in the path belong?
    Can they be omitted or, let's say, can we forget about them?

    I must confess it's a little bit messy from our point of view :-(


  • 4.  RE: CA ITCM and heuristic software definition

    Posted Jun 10, 2011 09:36 AM
    Yes, you could use Heuristic and Custom signatures, but be sure to remove CA signatures in this case, otherwise things get confusing fast. Personally, I think the CA signatures are decent but not complete, i.e. HP Proliant Support Pack components are not discovered by default.

    I use both and have no issues.


  • 5.  RE: CA ITCM and heuristic software definition

    Posted Jun 10, 2011 09:38 AM
    That is to say, I think, if using both signature/heuristic scans, signature will win in my experience.


  • 6.  RE: CA ITCM and heuristic software definition

    Posted Jun 14, 2011 05:32 AM
    Hi

    We use only the CA signatures for reports.
    We do scan heuristic as well, but this is to get a list of the applications which do not have a CA signature.
    When found I let CA write a signature for them.
    For very specific and own-written applications I write a custom signature.


  • 7.  RE: CA ITCM and heuristic software definition

    Broadcom Employee
    Posted Jun 24, 2011 12:25 PM
    CA works hard to keep the signatures as complete as possible.

    If you find an application not in the signatures there is a process to request the signatures be updated.

    Please see TEC413578 for details.

    Regards
    Rich


  • 8.  RE: CA ITCM and heuristic software definition

    Posted Jun 29, 2011 11:37 AM
    Also, the Lightscan utility is easy to package in SD and deploy via ITCM. What I do is package Lightscan to run from an SD package and automatically upload the resulting .rar to a R/W share named after the workstation. If I know I have a new piece of software I need to inventory, I deploy the Lightscan SD job to the asset, wait for the .rar to be created in my share, email the .rar to CA, and in a couple of days the software is being inventoried in my environment.


    Example Windows command line.

    LightScan.exe -Eula accept -a -r SOFTWARE -o %WINDIR%\TEMP\lightscan.xml -z %WINDIR%\TEMP\lightscan.xml.rar


  • 9.  RE: CA ITCM and heuristic software definition

    Broadcom Employee
    Posted Jun 30, 2011 05:51 AM
    Nice tip

    Thanks


  • 10.  RE: CA ITCM and heuristic software definition

    Posted Jul 21, 2011 09:55 AM
    I tend to do the following for my desktops. Servers are different as the desktop builds are quite similar:

    - Identify a couple of test machines
    - On one machine configure a signature scan to run and identify all unknown .exes
    - On the other, run a heuristic scan of the msi/arprg

    Anything without a signature, I create one for and, where possible, use Lightscan to notify CA, i.e. I've just uploaded one for the Cisco NAC Agent.

    On all other machines I run only the Signature scan as I have many custom in-house apps. I also run a 'scan .msi' job on all machines to detect MSI installations on an ongoing basis, as these populate in the 'Installed Packages' and hence don't affect my reports.

    As part of the process of rolling out a new app, you create a signature for it. If everyone uploads as many signatures as possible to HP, we'll all be happier :lol: