Questions and Answers about viewing Agent Logs regarding Detection Checks

ITMS 8.x

This information will follow the Agent Logs flow, followed by comments:

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = NotStarted, Status = Detected, LastCheckTime = 2022-12-01 09:30:00 -6:00, LastRealRunTime = 2022-10-31 06:15:01 -6:00}
-----------------------------------------------------------------------------------------------------
Date: 12/1/2022 10:39:05 AM, Tick Count: 139015 (00:02:19.0150000), Size: 559 B

I assume Detected = detection check was successful?  YES

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = NotStarted, Status = Detected, LastCheckTime = 2022-12-01 *10:39:12* -6:00, LastRealRunTime = 2022-10-31 06:15:01 -6:00}-----------------------------------------------------------------------------------------------------
Date: 12/1/2022 10:39:12 AM, Tick Count: 146187 (00:02:26.1870000), Size: 559 B

The LastCheckTime is the exact time of the message being logged?  The LastCheckTime is the last time when the current job item was checked if it is due. This is required for the calculation of NextRunTime.  It is set/reset in so many places that without trace level logs you cannot tell from the code what caused its change, but no, it is NOT the time when the message is logged.

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = Started, Status = InProgress, LastCheckTime = 2022-12-01 11:08:42 -6:00, LastRealRunTime = 2022-12-01 11:08:42 -6:00}
-----------------------------------------------------------------------------------------------------
Date: 12/1/2022 11:08:41 AM, Tick Count: 1914921 (00:31:54.9210000), Size: 559 B

LastCheckTime and LastRealRunTime being in the future one second from when message is written. Plus one second is by design  - for the sake of proper handling.

Policy {DF19EE9E-B565-47D5-BFF2-32A699DB834A}Adobe Acrobat DC 21.001.20145 has no valid future scheduled run time (other than logon or startup schedules). Net job item = {Index = 0, State = Started, Status = InProgress, LastCheckTime = 2022-12-01 11:08:42 -6:00, LastRealRunTime = 2022-12-01 11:08:42 -6:00}

This sequence shows the LastRealRunTime of 10/31/2022 was lost somehow.  Is that recorded in an agent file somewhere like AeXSWDPolicy.xml? 

As mentioned above when the MDP (Managed Delivery Policy) policy is removed it clears its execution state.  The state is maintained under C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\data\policyguid.  It is only used for the purpose of reboot or SMA restart. Although It is not cleared when the policy goes away, it will be overwritten “from scratch” when the policy comes back again.

Is LastCheckTime the time the Detection Check started or just when the agent looks last to see if the Detection Check needs to run?  Any insight into what these messages are referring to (State / Status / LastCheckTime / LastRealRunTime) would be helpful.

The LastCheckTime is last time the current job item was checked to see if it is due. This is required for calculation of the NextRunTime policy trigger.  The LastRealRunTime is last time the current job item was last started – it is required for the UI. 

Possible values for state and statuses are below.

• Unknown
• Success
• Failure
• InProgress
• RebootPending
• Detected
• Not Detected
• Not Applicable (for Detection Rule and also Download Task)
• Skipped