2 Replies Latest reply on Dec 4, 2017 2:24 PM by Paul Hecker

    Compliance Finding Software That Is Not Installed

    Paul Hecker
      Share This:


      I'm working with BCM 12.1.  I am running compliance to track the rollout of a software update to Skype.


      In my compliance rule, I am using the KB number and the word "Skype" as criteria, that the scanned software name must contain both.  The rule works fine but I saw one erroneous entry that jumped out at me.  Compliance reported that the update was loaded on my Windows 2012 R2 Domain Controller, even though the update was not listed in the software inventory on BCM.  In reviewing the server itself, the update was not present in Control Panel > Programs and Features or Control Panel > Programs and Features > View Installed Updates.


      What I found is that there are entries in the Windows registry that met the compliance criteria, specifically under


      [HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

      [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]

      [HKEY_USERS\S-1-5-21-9999947804-9999964849-9999927064-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]


      My theory is that at some point the package was deployed to the server and removed.  My concern is that endpoints might report as having a package successfully installed when in fact the package was removed.


      My question is, can anyone tell me what Compliance, or BCM in general, is looking at when it is reviewing the software inventory and is there a way to improve my compliance results?


      Thank you for your help.