Skip to main content

The scanning process

Snow Inventory Agent for Windows scans the file system and the registry and collects information from the Windows Management Instrumentation (WMI). A combination of data from these sources is then used by The Data Intelligence Service (DIS) to identify the details of the software, such as product name, version, and edition.

Snow Inventory Agent for Windows can be scheduled to run daily, weekly, monthly, or at Windows start-up. The scan schedule is configured via the Schedule element in the agent configuration file. As a Snow License Manager customer, you also have the possibility to configure the scan schedule via the Snow Inventory Admin Console.

Randomization can be applied to the daily, weekly, and monthly occurrence types. It adds a random delay each time a scan is scheduled which will spread the start time among the agents and distribute the load when many agents are configured to scan at the same time.

Before a scheduled scan starts, the agent checks when its last scan was run. If it was run the same day, no new scan is performed. This means that a scheduled scan will never be performed more frequently than once a day. This check is not done when a scan is run from the command prompt.

When a scheduled scan is completed, the result is sent immediately to a Snow Inventory endpoint (Snow Inventory Server or Snow Extender).

Heartbeat

In addition to the scheduled scans, the Windows agent sends heartbeats according to a configurable interval. The heartbeat is a simple communication between the agent and the Snow Inventory endpoint, where the agent asks the endpoint for tasks. Examples of tasks include agent updates, configuration updates, addition or removal of support files, and initiation of scans outside of the configured schedule.

The minimum interval between heartbeats is 10 minutes.

For details on the configuration of heartbeats, see the http.poll_interval and http.poll_variance settings in Configuration reference.

Agentless scan

A remote script or a logon script can trigger the agent to perform a scan on a computer without installing the agent locally. To achieve this the agent files need to be saved on a network share for which the domain users have read and execute access. However, an agentless scan is limited to software and hardware inventory; no software metering will be gathered.

Scanning the registry

The agent can query the registry to find software details, and for that uses a pre-defined list of registry keys to be scanned. The agent will collect a maximum of 128 results from each of the registry queries.

Running PowerShell scripts as part of the scanning process

The Windows agent has support for running Windows PowerShell scripts as part of the inventory scanning process. The built-in functionality uses the output of the Windows PowerShell scripts to identify software and custom registry keys. This enables scanning of additional information from software products, and can also be used for custom tasks such as identifying which users are local administrators.

The agent will look for scripts with filenames starting with Scan- and the file extension .ps1 located in any of the following folders:

  • The working directory: C:\Program Files\Snow Software\Inventory\Agent

  • The data folder: C:\Program Files\Snow Software\Inventory\Agent\data

  • The psscripts folder: C:\Program Files\Snow Software\Inventory\Agent\psscripts

note

PowerShell’s default script execution policy does not apply to scripts written exclusively for Snow Inventory Agent for Windows.

PowerShell script integrity modes

PowerShell scripts can be run in low or medium integrity mode. For details regarding Windows integrity modes, refer to Microsoft's documentation What is the Windows Integrity Mechanism? .

For the script to be run in medium integrity mode, the following conditions must be fulfilled:

  • The flag #MediumIntegrityLevel must be added to the script on a separate line.

  • The script must be signed with an Authenticode signature. For more information on the signing process, refer to Microsoft's documentation Set-AutenticodeSignature .

  • The certificate used to sign the script must be trusted by the target computer.

    If you are using a self-signed certificate, you must install the root CA on each computer so that the computer can validate the signature. If you use a certificate that has a trust chain to an already trusted root CA, you do not have to install any certificate on your computers.

You do not have to sign scripts that are run in low integrity mode, although it is good practice to do so.

note

If your signed script will contain non-ASCII characters, it is good practice to use a file encoding that supports localization, like UTF-8 BOM, to prevent HashMismatch errors on operating systems which are not setup to use en-US.

note

For Snow Inventory Agent for Windows version 6.14.5 or earlier, running a script in medium integrity mode is enabled in a different way. For more information, see PowerShell script integrity modes and custom encryption prior to version 7.