I'm hoping someone can clear this up for me.
We're trying to do some light asset management related work.
So I did a scan on a pc of ours (it was actually of a network, but I'm going to focus on one host in this example). The host came up with a Information Gathered item -> "SKYPE Peer-to-peer Software Installed" (not the only IG item), and yet in the 'Installed Applications Enumerated From Windows Installer" entry, Skype isn't listed as an installed application. That discrepancy is not such a big problem here.
The problem, however, is that it doesn't show up in the Assets -> Application Data tab or in the Asset Management module. I would expect Qualys to somehow incorporate this Information Gathered data (which was significant enough to warrant its own QID, since 2005) into the Assets -> Applications Data tab and Asset Management module to reflect that this application is indeed installed.
Can someone shed some light on that?
This isn't just an issue of Qualys not showing Skype or all the installed applications. I can't very well show this to other staff members/superiors and tell them "Oh it gets some things and not some other things; it's reliable sometimes and not others". This basically calls the credibility of Qualys's data into question. I mean, it made me wonder if next time we did a query based on application installed, would the returned results be correct, and what if we used the PC module and a compliance or license audit relied on it? Or would the PC module just work differently from the VM + AM module?
Is there something I missed?
Having said all this, I've had very good experience with Qualys so far, so I just hope someone can clear this up for me.Thanks very much!