Client Management Suite

I have a Reflections program that has been uninstalled on about 2000 machines. On maybe 100 of them it still shows installed even though there is no mention of it in the registry under HKLM\Microsoft\Windows\Current Version\Uninstall.

Does Altiris look at specific registry keys to see if something is installed? Just wondering if maybe there's a key I can delete so that it will stop reporting back that it's still on there.

I realize that was a pretty generalized post so if there are ANY questions I can answer to clarify what's going on please let me know.

Thanks ahead of time guys.

Hi Matt Damon:

If you are running a differential software inventory, take into account that the information sent to the NS is just the list of the "currently" installed software: no information of uninstalled software is send to the NS. This means that if a piece of software has been uninstalled, it will not be "removed" from the list of installed software in the current machine when differential software inventory is executed. You must wait until the next full software inventory execution to see the software removed in the NS Console.

This is a known issue that's slated to be fixed in 7.5.

Edit this file:

"C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\data\softwarecache.xml"

Do you see your references to Reflection?  If so, delete or rename that file and then run a software inventory again.  Is the reference gone?

This bug has hit us pretty hard so we resorted to deleting the file regularly on our computers via a policy and then running inventories to keep the DB fresh.

Matt,

Yes, inventory does check the registry for software install state.  It also checks a few more things.

It all boils down to how you installed this software application.  If you installed the software using a managed software delivery policy, with a compliance scan, you will have the issue that HighTower detailed.  If you did not install this software through a managed software delivery policy, inventory scans should be picking up the installed or not state.

Remediation:

1. Modify the managed software delivery policy compliance scan to daily.
2. Set the remediation action to remediate on a schedule for 1/1/2030.

The remediation steps I provided assume you're using a compliance rule on your software resource. Such as MSI product code, or some other method that checks if the software is installed or not.  You could do a registry key exists rule.

Steps to reproduce:

Machine A:

1. Install Reflections using a managed software delivery policy.  The software resource should have a compliance check set, such as the MSI product code.
2. Run an inventory scan.  Delta or Full inventory does not matter.
3. Check the SoftwareCache.xml file is populated with installed state.
4. SMP server reports should now show software as installed.
5. Remove software from machine A.
6. Run an inventory scan.  Delta or Full inventory does not matter.
7. Notice SoftwareCache.xml is not updated.  Your reports should also show the software as installed, although it's been removed.

Machine B:

1. Install Reflections using the manufacturers installer manually on machine B.
2. Run an inventory scan.  Delta or Full inventory does not matter.
3. Check the SoftwareCache.xml file is populated with installed state.
4. SMP server reports should now show software as installed.
5. Remove software from machine B.
6. Run an inventory scan.  Delta or Full inventory does not matter.
7. Notice SoftwareCache.xml IS updated.
8. You can wash, rinse, and repeat this process on machine B and each time you should see accurate installed results.

Further Details:

When a compliance check runs on a client it will report the results back up to the SMP server in the form of an event.  This will then create an entry in the Inv_InstalledSoftware table for the software resource.  If the compliance check found the software installed it populates the installflag column with a 1.  If the compliance check finds the software not installed it populates the installflag with a 0.

At this point software management solution seems to “own” this inventory. The compliance scan is the only mechanism that can now update this table.  If you remove the software resource from the client, you could set your managed software policy to just check compliance and run remediation far into the future.  When the client runs this compliance check it will send the compliance event up to the SMP for this software as not installed (installflag=0) and properly update the table.

Inventory solution seems to “own” the inventory reporting only if you install the software resource through the software manufacturers installer and not through a managed software policy.  You can then freely remove the application from the client, run an inventory scan, and the softwarecache.xml is updated properly.  Therefore, updating the installflag=0 in the database.

Thanks for all the replies guys.

I had dealt with the softwarecache.xml bug for a while and completely forgot about it. I setup a task to run tonight to delete them and then follow up with an invsoln full inventory.

Reflections in this scenario is installed during the post portion of the image process. So the task is basically stripping it from any machine saying it still has it. I did find the orphaned registry keys under the Uninstall portion of the registry. I have been cleaning some up with that but hopefully between these two it cleans up. I have to admit I have been kind of disappointed with the inventorying of this version.

Thanks again guys!

I believe v6 rollup fixed the issue with the delta inventory.  

If an application is uninstalled, delta inventory is ran, Inv_AddRemoveProgram table still shows the aplication, but the InstallFlag is set to 0.