Files & Directories Scanner
Hi!
I have a File Scanner setup to scan for a specific file.
C:\Program Files (x86)\Google\Chrome\Application\new_chrome.exe
The scanner is working perfectly. It scans and places the machines in a dynamic collection. With this data, I PDQ Deploy a package to the machines, and new_chrome.exe is deleted.
However, even after multiple rescans, the machines still stay in the dynamic collection, despite the file not being present.
Why is this? How do I fix this?
Thank you,
Jordan
Comments
Jordan,
Is your files & directories scanner in your default scan profile? Is your PDQ Deploy package set to scan after deployment? Which scan profile is it set to use?
Yes - it is in the default scan, as well as several other scans (Applications and a "test" which only scans for this file).
PDQ is set to scan after deployment.
Scan profile used is Applications, which also includes the file and directory scan.
Could you post a screenshot of your scanner?
>Yes - it is in the default scan, as well as several other scans
That's what's causing the problem. Each of those Scan Profiles keeps its own history of that file. In order to correctly see the changed file, you would have to run each Scan Profile that looks for that file. For this reason I recommend having only 1 Scan Profile that looks for a particular file.
Colby,
That makes sense. I’ll delete the other scan profiles entirely and keep it on the default scanner only. I’ll report back the findings.
If that doesn’t work, I’ll post the scanner screenshot as Luke requested.
This worked! Thank you very much!
Colby,
Does this principle apply to other scanners besides Files and Directories?
Thanks
Josh
Yes, the Registry scanner. PowerShell and WMI each create 1 table for each scanner, so they don't have this problem.
Right, I suspected as much and duplicated the behavior with the Registry scanner. I've gone through my scan profiles and deduplicated the files and registry scanners. Thanks for verifying.
Also, it is now possible to link a Scanner to multiple Scan Profiles: https://www.reddit.com/r/pdq/comments/iyfsku/experimental_scanners_can_be_tied_to_multiple/
Interesting. The duplicate scanners I had existed because it was faster to run a single file/registry scanner than to run the Standard scan profile (where some of my custom file/registry scanners were duplicated in). I suspect I'd either mess up the database or forget which scanners I've "linked" so I'll just avoid duplicates from now on.
It would be swell if I could "nest" a scanner in multiple profiles from the GUI. Or, at least have the scanner editor or Files/Registry panes alert me when a file/registry path is duplicated in multiple scanners.
Thanks!
I wrote Connect-PdqInventoryScanner to make this easier. It's a function that's available in PdqStuff, a PowerShell module I wrote. I would provide a link to the PowerShell Gallery, but ZenDesk keeps flagging my posts as spam when I do that.