We also get executed files using Softmon.exe.
We also get files in an Application when we use collector.exe to look for applications.
Is there a simple way to determine what method is collecting/reporting this information?
If we want to collect something that isn't there, is there a preferred method? I am learning about the ld3appl.ini file and that's the only way I know right now.
Thanks for answering my questions.
If an executable is executed, softmon.exe adds that executable to the registry. So you could look at the client registry to see if it is executed.
If an executable is in an Automatically Discovered Product, then you can find it by clicking on the Automatically Discovered Product.
1 of 1 people found this helpful
You could add NTRTSCAN.EXE to SLM. Also I believe Trend is one of the vendors LANDesk picks up automagically in the Inventory Security | Antivirus Software | Antivirus.