How does Discovery identify what software is installed?

Version 1

    Details

    How does Discovery identify what software is installed on an endpoint?


    Resolution

     

    In HEAT Discovery we are only interested in the Add/Remove programs entries, so looking at both the registry hives:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

    This is what we call a Product audit.

    For Classic Discovery we also gather information on all the executable files on a machine, where possible we will link these files to the Product that installed them.  For the other executables that we cannot link then we use the Embedded details of Manufacturer, Product and Version to try and work out a Product.