Skip to main content

The scanning process

Snow Inventory Java Scanner performs a file system search in the same locations as the Snow Inventory Agent, configured in the Software element of the agent configuration file, snowagent.config. For more information, see Agent configuration file.

For Linux, macOS, and Unix environments, the file system search will ignore all mounted drives with a file system type different from the root (/) file system type, unless it is listed in <Software><IncludeCriteria><FileSystem>.

For Linux and macOS environments, the following fixed exclude paths are added to align the file search behavior with the Snow Inventory Agent:

PlatformExclude paths
Linux/net/*
/panfs/*
/tmp/*
/boot/*
/usr/include/*
/usr/share/*
/usr/src/*
/var/*
macOS/.MobileBackups/*
/.Spotlight-V100/*
/.Trashes/*

For Linux environments, you can configure bind mounts and autofs mounts to be excluded from the scan. For Unix environments, you can configure bind mounts to be excluded from the scan. See Configure the agent to exclude bind mounts and autofs mounts from the scan in the Snow Inventory Agent for Linux user guide for a description of both configurations.

note

The inventory data collected by the scanner reflects a snapshot of the Java environment at the instant when the inventory scan is performed.

File scanning

The scanner searches for the following files to get information about the Java installations:

PlatformFilenames
Linux
macOS
Unix
java
jcmd
Windowsjava.exe
jcmd.exe
java*.msi
note

File types and paths specified in the <Software><Exclude> section of the agent configuration file, snowagent.config, will not be included in the scan. Therefore, for the scanner to collect all the required files, you must make sure that the files listed in this section are not part of the <Software><Exclude section>.

Scanning active Java processes

If found in the scanned locations, the Snow Inventory Java Scanner will use JDK's JCMD utility in order to find active Java processes and detect the usage of the Java Flight Recorder commercial feature. The following JCMD commands are executed:

  • jcmd -l

  • jcmd {process_id} VM.system_properties

  • jcmd {process_id} VM.check_commercial_features

Identifying Java installations

In order to properly identify Java installations, for each Java executable that is found during the file system search, the following command is executed:

  • {path_to_java_exe} -XshowSettings:properties -version

Security level of the scanner

If the scanner is executed with a dedicated user, every Java executable found during the file system search will be treated as a secure (admin) path and all the commands will be executed in the same security context as the user executing the scanner.

When executing the scanner with elevated permissions, that is, as Administrator (Windows) or root (Linux, Unix, and macOS), the security level at which the scanner will be executed can be configured, see Configure the security level of the scanner.