Why do some applications have a blank file name?
When looking at reports that include application names, you may encounter some files that only have a file hash populated.
File hashes are reported to the Arellia server during the initial phase of resource discovery by Application Action events.
Application Action events are sent to the Arellia server according to the interval configured in the Application Control Agent Configuration Policy, located under Settings > Agents/Plug-ins > Arellia > Application Control > Application Control Agent Configuration.
In order to show other file details, the File Agent Discoverer should be enabled:
- From the Arellia Console, click on Configuration
- Navigate to Settings > Arellia > Infrastructure > Resource Discovery > Resource Discovery Agents
- Right-click File Agent Discoverer and select Enable
For full application details to be populated, the full loop of resource discovery needs to run. The gathering of detailed file information is split into 3 steps in order to keep events streamlined and scalable.
The steps are listed below in order. If desired, you can reduce the configured intervals within the respective policies to speed up the resource discovery process. Take the size of your environment (in particular your managed endpoint count) into consideration when tweaking the policy intervals.
- File Inventory (Default Interval: Once daily)
  - This is done when an application executes or upon the File Inventory scheduled interval.
  - The file hash and location are gathered locally on the client, and the file hash is sent to the SMP server.
  - Settings for this step are configured by the Default File Inventory Policy located under Settings > Agents/Plug-ins > Arellia > File Inventory > Settings
- Resource Discovery Update (Default Interval: Every 30 minutes)
  - Any hash that does not have resource details is scheduled to be discovered for one machine.
  - We optimize the client and server load by only assigning one system to gather that detail.
  - Settings for this step are configured by the Resource Update task located under Settings > Arellia > Infrastructure > Resource Discovery
- Agent Resource Discovery (Default Interval: Every 12 hours)
  - Agents will pull down their jobs and determine what files need details to be discovered.
  - Settings for this step are configured by the Default Resource Discovery Agent Policy located under Settings > Agents/Plug-ins > Arellia > Resource Discovery Agent Configuration
The Default File Inventory Policy uses the Default File Specification filter to determine which files will be reported back to the server.
The Default File Specification Filter only includes Program File Executables found in the following directories:
- Program Files
- Program Files (X64 on Win32)
- Windows Directory
- Windows\SysWOW64
- Windows\System32
The Temporary Files and Documents and Settings folders are explicitly excluded.
If you wish to report full file details for files that are not located in these directories (such as directories off the root of C:\ or applications run from the Desktop), you will need to modify the file specification filter that the Default File Inventory Policy uses.
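Before changing the filter, it helps to know which executables on an endpoint actually sit outside the listed directories and will therefore appear with only a hash. The PowerShell below is an added example, not Arellia code; the function names are hypothetical, the sample paths are constructed, and it assumes the two Program Files entries resolve to %ProgramFiles% and %ProgramFiles(x86)% and the Windows Directory to %windir%.

```powershell
# Added example, not Arellia code: flags executable paths that fall outside the
# directories listed for the Default File Specification filter.
# Assumption: the two "Program Files" entries map to %ProgramFiles% and
# %ProgramFiles(x86)%, and "Windows Directory" maps to %windir%.
# The Temporary Files / Documents and Settings exclusions are not modelled.

function Get-DefaultFilterRoot {
    # Resolve the listed directories on this machine, dropping unset variables
    # (for example ProgramFiles(x86) on 32-bit Windows).
    @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
        Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\') + '\' } |
        Sort-Object -Unique
}

function Test-UnderDefaultFilter {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Roots = (Get-DefaultFilterRoot)
    )
    # Compare against "root\" so C:\Program Files2\x.exe does not match
    # C:\Program Files; Windows paths are case-insensitive.
    foreach ($root in $Roots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Constructed sample paths (hypothetical), including the page's two cases:
# a directory off the root of C:\ and an application run from the Desktop.
$roots = 'C:\Program Files\', 'C:\Program Files (x86)\', 'C:\Windows\'
$samples = @(
    'C:\Program Files\Vendor\app.exe',
    'C:\Windows\System32\notepad.exe',
    'C:\Tools\portable.exe',
    'C:\Users\alice\Desktop\setup.exe',
    'C:\Program Files2\lookalike.exe'
)
foreach ($p in $samples) {
    [pscustomobject]@{
        Path               = $p
        UnderListedFolders = Test-UnderDefaultFilter -Path $p -Roots $roots
    }
}

# Live check on an endpoint: running executables outside the listed folders.
Get-Process | Where-Object { $_.Path } | Select-Object -ExpandProperty Path -Unique |
    Where-Object { -not (Test-UnderDefaultFilter -Path $_) }
```

Paths reported by the live check are the ones the default filter will not cover; a path under a listed folder may still be skipped by the filter's exclusions, which this sketch does not evaluate.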
For example, you could use a file specification filter that includes all executable files located in directories on all local drives.