Configuring Asset Management › Collection Modules › Device Compliance Scanner (DCS) › Checklists Bundled with This Release

Checklists Bundled with This Release

The following checklists are bundled with this release:

• Windows XP checklist
• Windows Vista checklist
• Windows XP Firewall checklist
• Windows Vista Firewall checklist
• IE7 checklist

For more information about these checklists, go to http://nvd.nist.gov/fdcc/index.cfm.

Note: If the checklists are valid SCAP data streams, the scanner can also process additional checklists.

How Checklists Are Distributed

When DCS scans an agent computer, it requires the SCAP checklists to be present on the agent computer. The following process explains how the checklists are distributed automatically to the agent computers and the actions to take for the automatic distribution of the checklists:

1. When DCS is installed on the domain manager, the Client Automation installer copies the bundled FDCC checklists to the ITCM_installpath\SCAP_Checklists directory on the domain manager.

   Note: If you have custom or updated checklists, manually copy them to a new directory under SCAP_Checklists directory.

2. The DSM engine runs the Default SCAP Checklist Processing Job to perform the following tasks:
   • Monitor the SCAP_Checklists directory in the domain manager for new or updated checklists
   • Package the new or updated checklists in compressed archive files, digitally sign them to prevent data tampering, and save them under the \Documents and Settings\All Users\Application Data\CA\scap_checklists directory.
   • Update the MDB with the list of the new and updated checklists.
   • Create or update inventory detection modules for new or updated checklists respectively.
3. The DSM engines run the engine collect task to push the compressed archive files of the new or updated checklists to the scalability servers.
4. The agent runs the hardware inventory collect task that is configured to scan the checklists, pulls the required compressed archive files of the new or updated checklists from the scalability server, and stores them on the agent computer.
5. The agent verifies the signature on the compressed archive files. If it is unable to verify the signature, a log entry is added to the TRC_AMAGENT*.log file.

   If the signature verification failed because of a change in the DSM basic host identity certificate, redistribute the checklist files.

Note: To distribute the checklist files to the scalability servers, you must set the Distribute SCAP checklists to Scalability Servers configuration policy to True. This policy, which is set to False by default, is under Configuration Policy, Default Computer Policy, DSM, Manager, Engines in the DSM Explorer tree.