Forum Discussion
Threat & Vulnerability Management Software inventory
- Jul 15, 2019
Andrew Emmett wrote:
Hi there
Does anyone know how long it takes for inactive machines to be removed from the Threat & Vulnerability Management Software inventory section. In my organisation (an educational establishment), we re-image out PC inventory every year during the summer and normally update about 4,000 PC's to the next suitable build of Windows 10, in this case 1803>1903. This is probably bad practice, but we don't off-board the PC's because we will just be on-boarding them again and its time consuming to off-board the devices. When the re-imaged machines come online again, they are automatically re-on-boarded and we tolerate the duplicate machines for the 7 days it takes them to become inactive.
Now the issue. In Threat & Vulnerability Management > Software inventory, the inactive devices are still bring counted in 'Exposed machines' and there doesn't seem to be a way to filter them out. I've been patiently waiting for a few weeks, but the machines haven't dropped out yet. This means that I'm seeing 7,000+ machines, about half of which are clean, but the stats & graphs don't reflect the status of the environment. I'm assuming that this is because it's still counting inactive machine records.
Anyone else seen or having this issue?
Thanks
Andy
machines are removed from TVM after 30d of inactivity.
Hi Andrew Emmett.
I came across the same doubt last week.
After some (a lot) of research I was able to find the information below:
Information regard the Risk Level for the machine: 5-10 minutes to update in the WDATP Console
Information regard the Security Assessment: 2-4 hours to update in the WDATP Console
The information is collected by the ATP sensor in real time but the console takes a little to kick off the update values as described above. Sadly I was browsing in a private tab so I do not have the link for this information right now but I've been searching for it and soon I find it I`ll update my response.
Hope it helps.
IL
- Igor LysenkoJul 15, 2019Copper Contributor
Hey, Andrew Emmett.
I see. My mistake.
Just to clarify the amount of time it takes will depends how you data retention is configured. Can take 30 up to 180 days until inactive machine get removed from the portal.
Regards,
IL