About Endpoint Inventories

Endpoints generate inventories to track new and deleted applications.

To monitor endpoint inventories collected by the server, go to Logs > Query. Then, under Log type to query, select Endpoint inventory, and then look at the Inventory Received column.

About Collection Times

Endpoint Application Control collects endpoint inventories based on the following events:

Event

Reason Inventory is Collected

Agent installed

After installation, the agent performs a baseline endpoint inventory.

Interval of time passed

Periodically updating endpoint inventories ensures that audits of endpoint applications are accurate.

To configure the interval, go to the Add or Edit Policy screen and then expand User experience.

See Policies Screen and Policy User Experience.

Lockdown rule applied

Lockdown rules allow all currently-installed applications. Therefore, a complete and up-to-date endpoint inventory is required.

Immediately after deploying a Lockdown rule, the following occurs:

  1. The endpoint begins compiling an inventory of all currently-installed applications. After the inventory is compiled, it is sent to the Endpoint Application Control server, if it is available.

  2. The rule takes effect. In other words, "lockdown mode" starts.

About Collected Info

Endpoint inventories contain a list of applications on the endpoint, including the following application types:

Group

Application Type

Windows executables

  • Runtime applications

  • Executable "true file types": Scan engine examines the file header, rather than the file name, to ascertain the actual file type.

  • DLLs

Windows Store executables

  • Runtime applications

  • Web-based applications