Hello
Running BigFix Inventory version 10.0.15 on Windows. The software classification report shows the path of a application that was discovered, for example Firefox. In some cases we see the path in a users profiles or associated with a embedded Firefox version in a application. If we go to these types of systems where it is discovered outside of a traditional path we are Not finding Firefox. We are trying to understand what exactly BFI has discovered. We made to set the view to show hidden files and folders. . It a bit confusing having BFI discovered this but then not being able to see the Firefox application in the installation path being reported on.
Are you using Roaming Profiles? Are the Profiles set to be deleted when the user logs off?
Can you post some specific paths you’re seeing (with the usernames replaced if you care about that) ?
Besides the user profile, sometimes BFI detects Firefox that seems to be part of another application For example c:\Program Files\Pollo\Firefox-ESR-52.7.0-Win64\core. In this case it appears a old Firefox version is part of a application called Pollo, but when we go to the path above on the box we are not seeing any Firefox directories.
WE are using roaming profiles and in theory they should clean themselves up but how all that works is not is our scope of work. People are questioning the data and I am trying to understand from a BFI perspective how it sees the world.
From the ‘Software Classification’ report, if you select the product/installation and click the Details link, it should show which signatures/files/packages triggered the detection.
In this screenshot it shows that ‘ShellRunas 1.02’ was matched because the file ‘shellrunas.exe’ matched a Name, Size, and Version check from a signature.
In our case we are getting reports of a old Firefox version 52.9. If I go into the details section the path provided C:\program Files (x86)\Mozilla Firefox does not exist on the computer.
I am wondering if maybe at sometime the application did exists was removed but BFI scans never updated. If I add the columns scanner catalog version and last scan attempt I get Catalog version 2638869.13 and the last scan was run on 4-23. WE have been using BFI for over 4 years and over that time management determined that they wanted the remove Firefox from the environment that is why I was wondering if this could be a artifact from a few years ago that was never updated within the BFI application.
If the new scan results are not received by BFI, it will not know about the changes on the end point. Will it be possible to run a new sw scan and verify that the upload/import completes for this endpoint to check the result?
So if I add the columns Package scan successful I get Yes as the answer. The column catalog scan not uploaded the value is no. This would lead me to believe everything is good. maybe I am not interpreting this correctly.
To further complicate things If I look in the updates for Windows Application site I see the ESR version of Firefox needs to be updated on 349 boxes but BFI is not detecting the ESR version as these machines are not showing up in BFI. I know there are two firefox channels.
Can you post a screenshot of the Details link, like I had on mine? I’m having some difficulty understanding what the detection looks like in this case.
Ok, but is that copy of FireFox present? In your earlier post you indicated a different file path and a different FireFox version.
example of the older version not installed in a standard location
And that file is actually not present on the machine? I was checking that the signature matched a file not a Package or Registry entry. I’m not sure how the scanner would flag a file that’s not present at all, that seems to be a pretty strict signature that it matched.
@ncpeteusa Have you considered checking for the existence of the file using client relevance such as in an analysis? I wonder if permissions might be interfering with your manual searches?
Also, in your BFI report of Installed Software, what do you see when you add the Discovery End and Present columns?
1 Like
