Software Whitelist

Usage and Config BFI
1

Recently installed BigFix Inventory, but I cannot find a Software Whitelist function. Does anyone know of a way to do this, either in BigFix Lifecycle or Inventory?

I would assume a big and expensive solution like this would have a white listing feature, but perhaps I’m wrong. I thought Software Classification was it but it doesn’t seem like it.

2

Do you mean whitelisting as in “an application not in the list will not execute on the endpoint”, like AppLocker / Software Restriction Policies ?

I don’t believe Inventory does that, it’s more of a license tracking and application discovery tool.

There are third-party integrations to integrate RES Whitelisting, and I think there may be one with Carbon Black. I’d also check whether the pre-release integration for Windows Security Center (on IBM X-Force AppExchange) handles whitelisting.

You may want to engage with your IBM reseller to see what other options are available.

1 Like
3

Jason,

I was thinking more of a “review” instead of preventing apps from running.

So for example, list existing apps (w/o duplicates) so that I could categorize them into 2 groups, one for “approved” apps and one for “not approved/follow up” ones.

I know my users have a bunch of non approved stuff (e.g. tax software for their personal use) but I need something to aggregate everything nicely in a list so I can single out the offenders.

A way to do it is to obviously export a list of all installed s/w then manually go through, but I cannot afford doing the list every month unfortunately.

I will look into the options you mentioned, thank you.

4

Oh I think what you’re looking for then is totally doable with Inventory.

I just don’t know how to do it. Maybe along the lines of creating Contracts for your allowed software, then looking for the software that doesn’t have contracts.

5

You definitely want BigFix Inventory to collect the software asset data on all our endpoints. The software catalog provided with the subscription will include nearly 10k vendor and 60k software title entries. As @JasonWalker mentioned, you can create contracts within the tool to report on compliance against know metrics. Additionally, you can create custom software signatures to identify custom solutions that are not contained within the catalog.

Does your organization already own appropriate BigFix Inventory licensing?

6

@patchpro

BigFix Inventory is discovery tool, so it doesn’t really support this sort of policy question. For that, you need a product which captures approvals and establishes policies for software assets, and which uses BFI data for reconciliation against the authorized data. However, there are a couple of approaches that might be adequate for your needs. It just depends on how many entries are in your whitelist/blacklist.

In addition to creating Contracts as suggested by @JasonWalker, another option is to create and save a custom report from the Software Installations base report with a filter like the following which excludes Approved Software from the report:

[(Software in Catalog) Name] [does not contain] [approved software title 1]
[(Software in Catalog) Name] [does not contain] [approved software title 2]
[(Software in Catalog) Name] [does not contain] [approved software title 3]

and the reverse, which includes only Prohibited Software:

[(Software in Catalog) Name] [contains] [prohibited software title 1]
[(Software in Catalog) Name] [contains] [prohibited software title 1]
[(Software in Catalog) Name] [contains] [prohibited software title 1]

Here’s another approach which may be useful. Add a Metric Custom Field, like “Managed As”, which can be used in the All Metrics report. Here, “Managed As” contains 3 possible values:

  • Managed: Under License Management, should have a Threshold value
  • Authorized: Approved for use, but does not require License Mangement
  • Prohibited: Not approved for use, should have a Threshold value of 0 (note the red values when Threshold Delta is negative).

You should compare this against the data from the Software Installations report to validate that the software you’re looking for is being captured in the All Metrics report. The screenshot below is from a report that has been filtered for the Metric of “Install Seats”, but the principal applies to any other metric as well.

2018-06-08_12-20-35
2018-06-08_12-20-351264×657 108 KB

3 Likes
7

Software Installations with filtering will do the trick…albeit there’s a lot of manual work involved. But that’s ok since I can permanently save the entries so I won’t have to redo the work.

Thank you @itsmpro92 !!I will look into the additional options but this is looking promising!

Would you how it locates software? For example, if I have e.g. an executable of KeyPass on my desktop, will it pick it up (assuming it doesn’t how up in Control Panel)?

8

Glad to help out, @patchpro .

The catalog contains signatures for discoverable software components. These signatures can be based on file data, package data, or software ID tags.

The current catalog contains 33 signatures for the KeePass software. For instance, KeePass Password Safe 2.3.1 is discovered by the signature:

A computer running Windows has:
___ File Name: keepass.exe File Version: 2.31

The software scanner which runs on your computer collects a list of all the executable software on a computer, along with a list of all the installed software packages from the registry, and any software ID tags found on the file system. This data is imported into the BFI database, where it is available for reporting.