I have some more queries regarding the Fixlet “Removable Media: USB Storage Device Detected”.
A. While running the Fixlet “Removable Media: USB Storage Device Detected”, we observed the following symptoms.
If someone connects a USB drive to a computer for 20 seconds, that computer is not reflected in the applicable computers list of the Fixlet.
Concerning these symptoms, what I wanted to know is:
a. The minimum duration for which a USB drive needs to be plugged in to be reflected in this Fixlet.
b. Once a computer is reflected as applicable in the above Fixlet, how long it remains there.
We have also seen that if a USB drive was connected to a laptop and we kept it like that for around 30 minutes, it was not reflected in the applicable computers.
B. While generating a report for the Fixlet “Removable Media: USB Storage Device Detected”, it contains a section Remediated Computers, so what can be the criteria for putting a computer in the Remediated section?
C. Is it possible to modify the names of columns or filter the contents of a column if we generate a report from a Fixlet?
A1. The way the agent works for all Fixlets is that it loops between all Fixlets checking to see if they become relevant. After one becomes relevant, the agent tells its parent relay/server and then the data gets put in the database, where it is polled by the console. There are a lot of factors that affect how long all of these operations take. Generally you would not expect to see the applicable computers updated within 20 seconds.
A1a. There is no hard/fast minimum duration… it depends on the speed of your systems, the number of Fixlets, your relay hierarchy, your console refresh rate, and so on. Usually I would expect that it would be a few minutes.
A1b. After the device is removed, the same process mentioned above will make the Fixlet become not relevant.
A2. Usually I would expect it would be faster than this, but if the agent had a lot of Fixlets to evaluate, its CPU usage was lowered, there were actions running or other activity, or if there were delays in reporting the data to the server, then it could take longer.
B. If the Fixlet was relevant and then it became not relevant, it would appear in the “Remediated” section.
C. Which columns are you referring to? In the console, you can right-click on the computer column headings to add/remove global properties…
Note that this Fixlet uses a polling approach to check to see if USB devices are inserted. It is not event driven and it does not modify the underlying OS or drivers to change the way that the devices are inserted (some of our partner tools like DLP have functionality like that).
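To illustrate the polling behaviour described in the answer above, here is an added example that is not part of the original thread and is not BigFix code. It models an evaluation loop on a timeline and shows which insertions a poller sees and when a computer moves from applicable to remediated. The 5-minute cycle, the timings and all function names are assumptions made for the illustration, and relay, server and console delays are not modelled.

```python
# Added illustration: a polling detector modelled on a timeline.
# All intervals and timings below are constructed, not BigFix defaults.
from dataclasses import dataclass


@dataclass(frozen=True)
class Insertion:
    plugged_at: int      # seconds since the start of the timeline
    unplugged_at: int


def present(insertions, t):
    """True if any device is plugged in at second t."""
    return any(i.plugged_at <= t < i.unplugged_at for i in insertions)


def poll_times(cycle_seconds, horizon_seconds, first_poll=0):
    """Seconds at which the hypothetical agent evaluates the check."""
    return range(first_poll, horizon_seconds + 1, cycle_seconds)


def transitions(insertions, cycle_seconds, horizon_seconds, first_poll=0):
    """State changes the poller reports: becoming relevant -> 'applicable',
    relevant and then not relevant -> 'remediated'."""
    events, relevant = [], False
    for t in poll_times(cycle_seconds, horizon_seconds, first_poll):
        now = present(insertions, t)
        if now != relevant:
            events.append((t, "applicable" if now else "remediated"))
        relevant = now
    return events


def missed(insertions, cycle_seconds, horizon_seconds, first_poll=0):
    """Insertions that no evaluation pass ever overlapped."""
    polls = poll_times(cycle_seconds, horizon_seconds, first_poll)
    return [i for i in insertions
            if not any(i.plugged_at <= t < i.unplugged_at for t in polls)]


if __name__ == "__main__":
    # Constructed sample: a 20-second insertion and a 10-minute insertion,
    # evaluated by a hypothetical 5-minute cycle over 30 minutes.
    sample = [Insertion(100, 120), Insertion(400, 1000)]
    print(transitions(sample, 300, 1800))
    print(missed(sample, 300, 1800))
```

With these constructed numbers, the 20-second insertion falls entirely between two evaluation passes and is never recorded, while the 10-minute insertion is first seen 200 seconds after it was plugged in.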
My main concern is that I want to display a warning message to the person when he plugs a USB into the computer. I thought that I could do the same via the Fixlet “Removable Media: USB Storage Device Detected”.
A1a. There is no hard/fast minimum duration…would be a few minutes.
Here I would like to ask: after how much time should I suspect that BigFix is not performing its normal operation? For example, if I have connected a USB to my computer and I do not get the notification message for an hour, is that suspicious, or should I wait for another hour?
C. Which columns are you referring to? In the console, …to add/remove global properties…
I have created a report from the Fixlet “Removable Media: USB Storage Device Detected”. The customizations/changes that I want to make in this report are:
Adding/Removing global properties.
Adding/Removing sections like Remediated Computers, Action Results.
Please let me know if such a level of customization is possible with BigFix.