Running a baseline inventory scan for applications deletes the removed application history from ePO
Last Modified: 2023-02-23 10:41:10 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Running a baseline inventory scan for applications deletes the removed application history from ePO
Technical Articles ID:
KB96045
Last Modified: 2023-02-23 10:41:10 Etc/GMT Environment
Policy Auditor (PA) - 6.5.3 and above
Summary
Policy Auditor (PA) allows you to configure inventory collection scans for separate categories. These categories include applications, registered extensions, operating system, system information, and port/network information. All processed inventory data, including applications that have been removed, are stored in the ePolicy Orchestrator (ePO) database. When a user chooses to run a reset baseline scan for applications on an endpoint, the previously stored application data for that endpoint including what applications have been removed from that system, are deleted from the ePO database. The change in behavior is due to optimizing the performance of inventory scan result processing on the ePO server. All application data, including removed applications, for assets are stored in the NOTE: This issue is applicable only for application reset baseline scans. There's no change in the behavior for other scan types such as full, incremental, and sync scans. You can run a one-time inventory sync scan to make sure that the ePO database and endpoints are in sync with inventory data collection. An Inventory Sync Scan forces the PA Agent installed on the endpoint to resend the scan results that it has already gathered and processed. It doesn't initiate a new scan to gather new data. Affected ProductsLanguages:This article is available in the following languages: |
|