Custom Software Tool systemhound
From systemhoundwiki
Contents |
Introduction
Launch this application via the Console Application systemhound
This section explains the targeted detection methods that systemhound uses to discover software, to ensure that you have a complete and accurate picture of your software inventory. It also details a number of options to further customise the software reporting if you wish to discover additional software that is not being found by the default methods or to report on additional product details.
Software detection within systemhound is a targeted process that aims to have minimal impact on the user machine. By default, software is discovered from the Registry, Add/Remove Programs and Services (see Configuring Application Reporting in the Central Configuration document for further details). Additional options are:
- Program Files scanning
- Full hard drive scan on individual machines
- Custom Software Tool
Software dictionaries or other forms of third-party software definitions are not used by systemhound. With systemhound, you do not have to worry about updating any software definitions! If it’s present, the software will be discovered and your inventory is always kept up to date.
However, you may wish to further customise the software detection – you may have software that is not being discovered from the default locations or you may want to report on additional product details. There are a number of options available towards this end, such as enabling a scan of the Program Files directory or running a full hard drive scan and then copying selected software across into the custom detection file.
The option to do a full hard drive scan should be used as a last resort, as it returns a very large amount of software data, often making an audit unmanageable for the end-user. The full hard drive scan has to be run manually on user machines and cannot be enabled from the Central Configuration Tool – hence it is not possible to carry this out automatically on all user machines.
The Custom Software Tool provides a means of easily incorporating software data returned from a full hard drive scan. It can also be used to configure systemhound manually to add software that is not being picked up automatically, or to report on additional product details.
Note: Unlike some other commercially available auditing products, Hard Drive scanning is not turned on by default because of the detrimental effect that a full hard drive scan can have on the client machine. The targeted detection methods that systemhound uses are a more effective long-term auditing solution for your environment.
Program Files scanning
A scan of the Program Files directory can be enabled to let systemhound report on all executables found within this directory. As a large number of software executables are returned from this method, it is not recommended that this option be turned on permanently, as the inventory scan will take longer on user machines and the software report will grow very large, making an audit difficult.
The software discovered from a Program Files scan is visible on the software reports as normal. Program Files scanning is enabled from the Central Configuration Tool and can be carried out on every user machine or selected Operating Systems, as desired. See the separate documentation detailing the use of the ’central configuration tool’ for more details.
Using the Custom Software Tool
The Custom Software Tool provides an easy way to manage the large amount of software returned from a full hard drive scan. Unlike software discovered from a Program Files scan, all of which is reported to systemhound, software returned from a hard drive scan needs to be added to systemhound’s software detection programs first. The customized changes are then distributed to all client machines.
The Custom Software Tool also enables you to add software and additional product details manually. For example, systemhound detects the installed version of ’Norton Antivirus virus definitions’ via a custom entry within the file ’avplugin.db’ (see below). The ’Norton Antivirus virus definitions’ version is not software, strictly speaking, but is very useful information as it enables you to keep track of current virus definitions on all machines in your enterprise. Any custom software detection is reported both in the software estate summary as well as individual software reports, just like standard software.
It is also possible to add any file that you may wish to see in the reports and systemhound will discover it if present at the specified location.
The custom software tool can be launched directly from "Program Files\systemhound\Utils\CustomSoftware\ShCustom.exe". The individual tabs correspond to software detection based upon ’file’ detection, ’registry’ entry and ’initialisation’ file. The entries are stored on the file system within avcustomer.db.
What is avcustomer.db?
Any customizations that you make to the software configuration by using the Custom Software Tool are retained in this file and distributed to systemhound clients. It is not necessary to edit this file manually. This file is present in Program Files\systemhound\Release\Operating System\Plugins on the systemhound server, one file per Operating System. This file should be backed up before upgrading to newer versions of systemhound, and then restored after the upgrade.
What is avplugin.db?
This is a pre-defined list of software that has been known to be exist outside the default locations that systemhound identifies software from. It contains older software and additional product details that you may find useful to have on the reports; if present on your machines, systemhound will report them. The file will be installed by default in the Program Files\systemhound\Release\Operating System\Plugins directory when you install systemhound, and it is recommended not to edit it. It gets updated with new releases of systemhound.
Adding Software Manually
The Custom Software Tool provides the ability for you to add software manually, instead of or in addition to running a hard drive scan. For example, you may have certain older software that you find is not being reported by systemhound’s default methods, and is not retrieved by running a hard drive scan as it is not an executable. You will need to work out whether the application has its definition in the registry, or in an INI file or can simply be defined using its filename. For example, Microsoft Visual Basic 3 is defined in a file called vb.exe and can be easily added in using its description, as shown within the next section.
Figure 1: add software via filename
Using a Filename
1. Click on the File tab and then click on Add. Enter the description, manufacturer and filename fields, as shown in Fig 1. Click Add and continue manually adding more software. Click Done when finished.
2. Once you have finished your customizations, save your changes by clicking Save Custom Configuration. An additional use of this facility is to configure systemhound to report on any file, if present at the specified location.
Using a registry entry
1. This feature allows you to add software manually as defined from the registry or to add additional product details that you wish systemhound to report on. An example could be the virus definitions version of ’McAfee VirusScan’ – a customisation included by default with systemhound.
2. Click on the Registry tab and then click on the Add button.
3. Fill in the Description, Manufacturer, Registry Key and Registry Value fields as shown in Fig 2. The Registry Key value is case sensitive and must be entered in square brackets ([]) although these will be put in automatically should you omit them.
4. Click Add and continue manually adding more software. Click Done when finished. Once you have finished your customizations, save your changes by clicking Save.
Figure 2: adding software via the registry
Note: If you wish to select a default value from the registry enter a @ into the 'Registry Value' box.
Using an INI file entry
1. This feature allows you to add software manually as defined from an INI file or to add additional product details that you wish systemhound to report on. An example could be the virus definitions version of ’Norton Antivirus’ – a customisation included by default with systemhound. Fig 3. shows you what a typical INI file looks like.
2. Click on the Current INI Software tab and then click on the Add button.
3. Fill in the Description, Manufacturer, Filename, Section and Value fields as shown in Fig 7.7. Note that the Section and Value fields are case sensitive.
4. Click Add and continue manually adding more software. Click Done when finished. Once you have finished your customizations, save your changes by clicking Save Custom Configuration.
Figure 3: adding software via an INI file
To read from:
Figure 4: example of a typical INI file. definfo.dat contains Norton Antivirus definition verstion details
Full Drive Auditing
Scanning the Hard Drive
Shfullscan.exe, found in Program Program Files\systemhound\Utils\CustomSoftware, does a complete scan of the machine and generates a list of systemhound compatible section definitions for all software executables found on local drives on the machine. No other file types are found. You should run the tool under a local administrator account to ensure the scan is able to access all files on the machine.
Run the executable on the machine you wish to generate the audit by simply copying the executable to the target machine and double clicking the executable. The introduction page will be presented:
Figure 5
Click next on the ’perform scan’ page and enter the path and filename the audit details should be saved to. By default this location is set to the users desktop.
Figure 6
Click next and the scan will begin. The full hard drive scan can take several minutes depending on the amount of software present on the user machine.
Figure 7
Once completed the file scan file can be loaded into the custom software tool (more details below).
Figure 8
Adding Software from a Hard Drive Scan
Run on the command line the Custom Software Tool from Program Files\systemhound\Utils\CustomSoftware\ ShCustom.exe on the systemhound server. Use the command line parameter IMPORT to start the custom software tool in scanned software mode.
Click on the "Scanned software" tab and then click the "Read In Disk Scan File" button, navigate to your file and click Open.
This will import the data into the Scanned Software dialog. As the full hard drive scan will also discover software that is already being reported by systemhound using the default methods, the Custom Software Tool automatically detects these and does not display them. By default, software found in the Recycle Bin, in Temp folders or called setup.exe will also not be shown. You can uncheck these three options if you really want to see software found here, but it is recommended you leave these options selected.
You now need to select the software you wish to add to custom detection. The software is displayed sorted by manufacturer, and the filename is shown using environment variables where possible, e.g. %ProgramFiles%, %windir%, %localdrive%, etc. Use the Ctrl + Shift keys to multi-select items.
Once you have chosen the software you wish to add, click on Add Selected Software. This adds the software into the Current File Software Tab, removing it from the Scanned Software list. Click on the Current File Software tab to see your list of customized software. Also displayed will be any existing custom software.
Now click on Save Custom Configuration to add the software to the list within avcustomer.db (see above).
