We are trying to get rid of a certain “AV” system. We will call it Mend Trico. Does anyone know how the insight agent determines what software is on the system? We have some workstations where it says Mend Trico is on them but yet it has been uninstalled. I want to make sure we get this clear so we have an accurate report. Should it be a registry thing or a windows explorer thing?
Assuming this is on Windows, then the Agent fingerprints software installations either from the Registry or from executable files (but there are some caveats to this).
Typically, what you’re seeing would be caused by remnant registry keys, but there are also occasionally instances where we fingerprint an executable remaining in the file explorer post-removal, here’s an example from Flash that I found recently:
"Vulnerable software installed: Adobe Flash 10.0.32.18 (C:\\windows\\syswow64\\Macromed\\Flash\\)"
In this example the uninstaller didn’t fully clear the Flash files despite it no longer showing Add/Remove Programs, leading the Agent to still find it as installed.
I’d say we should look at this in a support case, as we can pull up the fingerprinting results for the Agent on our end and help you track down the cause.