PDQ Inventory File and Registry Scanners

One of the new features you may have noticed in the latest PDQ Inventory Beta is the ability to scan
for files and registry entries on computers.  These scanners can be very useful, but there are some caveats and limitations that one must need to be aware of.

Defining Scanners

By default PDQ Inventory doesn’t actually do any scaning for either file or registry information. Instead, you as the administrator need to define exactly what you want to scan for.  This is purely a performance issue as all of the file and registry information on a would require hundreds of megabytes of data per computer (on my current computer it would be about 350 MB of data).  I’m sure you can imagine the issue of dealing with this much data on even a small number of computers.

In order to define what you want scanned you need to create a
Scan Profile.
A scan profile is a collection of scanners that are all run together in a single scan process. A scan profile can have multiple scanners, each getting a different subset of files or registry entries.  Out of the box, PDQ Inventory includes two scan profiles as examples, one for files and one for registry entries.

ScanProfiles

Registry Run Keys scans for all of the Run and RunOnce values on the target computer and Windows EXEs scans for all executable files in under the Windows directory.

The Windows EXEs scan profile contains only a single scanner which looks for every file with an .exe extension in %systemroot% and all child directories.

Windows EXEs file scanner

Registry Run Keys is a bit more complicated as it needs to scan several areas of the registry so it’s made up of 8 separate scanners.

Registry Run Keys Scanner

Starting a Scan

To scan a computer (or group of computers) using a scan profile other than the default you need to use the Scan with Profile menu item.

Scan with Profile

Scanning Limits

There is currently a limit of 1,000 items per scanner (not scan profile).  This is so a misconfigured scanner won’t accidentally swamp the database with too much data.  This row limit is fixed for now, but will become configurable in a future version.

Cleaning up Data

When a file or registry scanner is deleted then all of the items in the database from that scanner would become orphaned because without the scanner, there isn’t a way for the items to get updated or deleted. To prevent this, PDQ Inventory will delete files and registry items when the scanners that created them are deleted.  If more than one scanner overlaps (such as a scanner that gets C:\Windows and another that gets C:\Windows\Systtem32) then the items will only be deleted once the last scanner is deleted.

As with all of our products we hope you find these scanners to be useful and we always look forward to any feedback from users telling us how to make them work better.