Questions and Answers about viewing Agent Logs from Detection Checks.

Release : 8.6

This information will follow the following flow: Agent Logs, followed by comments.

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = NotStarted, Status = Detected, LastCheckTime = 2022-12-01 09:30:00 -6:00, LastRealRunTime = 2022-10-31 06:15:01 -6:00}
-----------------------------------------------------------------------------------------------------
Date: 12/1/2022 10:39:05 AM, Tick Count: 139015 (00:02:19.0150000), Size: 559 B

I assume Detected = detection check was successful?  YES

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = NotStarted, Status = Detected, LastCheckTime = 2022-12-01 *10:39:12* -6:00, LastRealRunTime = 2022-10-31 06:15:01 -6:00}-----------------------------------------------------------------------------------------------------
Date: 12/1/2022 10:39:12 AM, Tick Count: 146187 (00:02:26.1870000), Size: 559 B

The LastCheckTime is the exact time of the message being logged?  The LastCheckTime is last time when the current job item was checked if it is due. This is required for the calculation of NextRunTime.  It is set/reset in so many places that without trace level logs I cannot tell from the code what caused its change, but no, it is NOT the time when the message is logged.

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = Started, Status = InProgress, LastCheckTime = 2022-12-01 11:08:42 -6:00, LastRealRunTime = 2022-12-01 11:08:42 -6:00}
-----------------------------------------------------------------------------------------------------
Date: 12/1/2022 11:08:41 AM, Tick Count: 1914921 (00:31:54.9210000), Size: 559 B

LastCheckTime and LastRealRunTime being in the future one second from when message is written. Plus one second is by design  - for the sake of proper handling.

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = Started, Status = InProgress, LastCheckTime = 2022-12-01 11:08:42 -6:00, LastRealRunTime = 2022-12-01 11:08:42 -6:00}

This sequence shows we lost the LastRealRunTime of 10/31/2022 somehow.  Is that recorded in an agent file somewhere like AeXSWDPolicy.xml? 

As mentioned above when MDP (Managed Delivery Policy) policy is removed it clears its execution state.  The state is maintained under C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\data\policyguid.  It is only used for the purpose of reboot or  SMA restart. Although It is not cleared when policy goes away, it will be overwritten “from scratch” when the policy comes back.

Is LastCheckTime the time the Detection Check started or just when the agent looks last to see if the Detection Check needs to run?  Any insight into what these messages are referring to (State / Status / LastCheckTime / LastRealRunTime) would be helpful.

The LastCheckTime is last time the current job item was checked if it is due. This is required for calculation of NextRunTime  policy trigger.  The LastRealRunTime is last time the current job item was last started – required for UI. 

Possible values for state and statuses are below.

Unknown, Success, Failure, InProgress, RebootPending, Detected, Not Detected,  Not Applicable (for Detection Rule, and also Download Task) and Skipped