I am wondering how to use VM to detect what application software has been installed on a host? If not able to do it, what's the best solution?
Vulnerability Management is geared toward detections against services, OS and Application versions that are vulnerable to some threat. If you are looking to see if word.exe is installed on a host, that is a compliance type scan. Our Policy Compliance module can look at the host and compare it to a Policy that you create. For instance if you wanted to ensure that some antivirus software were installed, but that some gaming software wasn't, we could look at the path you select and verify and give you a report as to whether the host is in our out of compliance.
Does this answer your question?
Thanks for comment, Jason.
It does make sense. Sounds PC model can do the thing that I am wondering. Let me describe my question in more details. For security purpose, I want to investigate a single host and want to know if it has applications such as google bar, google calendar or skype installed. Can VM or PC detect and report those?
You might want to look into creating your own OVAL check for specific application registry keys.
We've used custom OVAL checks for registry keys to identify distinct versions and revisions of our corporate laptop/desktop builds. (there are several "flavors" and revision levels of each "flavor" of build)
The short and simple answer is yes, we can detect those. We would do it via either a file existance check or a registry content check. Fairly straight forward. Either contact your TAM and they can demonstrate this function for you, or you can attend one of our training classes, qualys.com/training and learn how to setup this type of functionality (assuming you have purchased Policy Compliance).
Feel free to contact me directly if you have more questions.
we display the information in VM -->Assests-->Application you can filter by Host
The following QID will return the installed application on a Host :
yes and no Kishore. I would look at the host using an asset search and looking at the QIDs you mentioned. I have come across too many applications missing in the VM -->Assests-->Application way.
Application tab basically has what is reported by this QID's .
Right now we support only Windows and Linux Targets.
And yes you may see many application Missing because there is a limit in which how many application we report in these QID's .Initially when the feature was introduced we were reporting only 200 application .Now it has been increased to a greater number .I will get the exact Numbers how many application these QID's report and post it here soon.
Retrieving data ...