The “Initiate Software Scan” fixlet kicks off a software scan but does not wait for it to finish. Does anyone have a reason why it’s a run and not a wait, and if there is an approved way to have the fixlet wait for the scan to complete before finishing? I want to run it in a baseline but only continue after the scan is completed.
thanks
What do the BESClient logs on one of the targeted endpoints say with regards to the software scan action? You can query the logs by the software scan action ID.
Hi @cstoneba
I can think of a few reasons for this behavior:
- the scan is a potentially long-running activity, and is sensitive to the loads on the client while it is running, and different machines have differing levels of drive space and activity. Notice too, that the agent is not responsible for this work, rather it is a separate executable. The level of impact on the client computer is customizable, as well.
- the scan data upload is the responsibility of a different task, and you can check the relevance on this Task 3: Upload Software Scan Results. It is monitoring for the completion of the scan so the captured data is uploaded as soon as it is ready.
- scanning is also designed to be a background process, because it is tracking usage as well as presence of software
- typically, scans run once a week or less frequently, depending on the amount of flux in the software asset world.
To your point, you could roll your own task that combines the two out of the box tasks. If you do this, I would recommend bumping up the CPU threshold value to a much higher than normal value to ensure rapid completion of the scan (since I presume this is occurring during a patch cycle).
2 Likes
Yes, as was mentioned, the scan can take a while to run on some systems, and the BigFix agent wouldn’t be able to run any other actions until it completed (if ‘wait’ was used). The BFI analyses are used to confirm when a scan completes or if there are any issues with the scans.
For our use case, we run the scan during monthly patching within a multiple action group. Having the scan initiate (but not know if it finishes successfully or not by the action result code) is unique and not knowing how long it will take to run from the start time / finish time of the MAG causes challenges for us.
Rather than customizing the scan task itself(which is subject to being changed), I’d recommend adding another custom task to run as part of the baseline after the scan is initiated. This new task would just pause until the scan is finished (optionally, giving up after some period of time).
The action on this could just be something like
pause while {exists processes whose (process name of it = "scanner") and (now - start time of action < 30 * minute)}
(I don’t know the scanner’s actual process name offhand)
2 Likes
Good idea. Here’s the relevant relevance from the Upload Software Scan Results task.
(not exists process whose (name of it = "wscanfs"))) else (not exists process whose (name of it = "wscanfs.exe" or name of it = "wscanfs"))
and that’s cross platform?
Those are the file system scanners for windows and unix. The other processes are called wscansw.exe and wscansw.
There are a number of files that get created after the scan runs. Once those are uploaded then the scan task is truly completed. It is likely that you will want this to be action to also finish before your baseline proceeds.
Anything in the relevancy of “Initiate software scan” that prevents it from running while it is already running, which I could use for my “pause” fixlet?
Other than checking for the existence of prerequisite folders, supporting programs, and files, it is the presence of scanner processes noted above that prevent the Initiate Software Scan Task from becoming relevant.
ok. i’ll give this a try. thanks
pause while {exists process whose (name of it starts with "wscanfs") and (now - start time of action < 30 * minute)}