Cetrus Blog

Desktop entitlement compliance – “Come Armed with Usage Information”

Posted by Erik Hoogerhuis on Mar 1, 2016, 12:33:06 PM

The process of verifying contractual entitlement compliance varies significantly by vendor, application/technology, entitlement type, and license activation. For our purposes, we’ll only discuss specialty desktop (downloaded) applications, with the license key being located on the desktop. Some vendors let users make from 1 to 3 copies to allow for back-up or for access on work and home workstations, or there may be only a contractual cap on the number of copies made (as in an enterprise installation).

A compliance audit’s intent is to verify that the number of software installations is less than or equal to the entitlements allowed in the contract. Keeping accurate track of software is a nearly impossible task:

  • Users come and go in organizations
  • Users don’t know/care about licensing restrictions 
  • Users install a copy for a project and forget to de-install it
  • Workstations are transferred to new employees
  • Employees may install a copy temporarily and forget to de-install it
  • Remote employees buy a copy off the internet without the compliance officer being aware

The net result is that the odds of failing an audit are frighteningly high.

The audit process then consists of identifying where software is actually installed and comparing the installation information to the entitlement. Although the organization using the software may have its own entitlement management or registry-reading solution, vendors will bring in their own sniffing tools.

It is in the software vendor’s interest to have sniffing tools that are accurate, but that also report false positives, meaning that the tool registers an installation even after the software has been de-installed. The de-installation process may not always remove all installation residues. Software providers that have acquired multiple companies or application titles and provide their own sniffing tools have a more difficult time verifying that de-installation is clean, or that their sniffing tools won’t report false positives. Upgrading a sniffing tool so that it doesn’t report false positives is typically not at the top of the development priority list.

What options does an enterprise have when the application vendor reports a false positive installation? We believe that the most cost-effective solution is to be able to provide information from a usage monitoring solution that also reports on local installations. If the application vendor’s sniffing tool reports a false positive, the enterprise can counter by showing that the software was de-installed from the particular workstation in question, or that the software has not been used since some event occurred (perhaps the new user doesn’t need the application in question).

Placing an agent that monitors specific applications will provide a history of usage on that workstation. Agents provide ongoing proof of “lack of usage”, in contrast to a registry scan, which would only show whether software is installed or not installed at the time of the scan. Usage information will also let the organization identify which licenses aren’t being used, so assets can be de-installed and moved to another location where the application is needed. In addition, agents installed on workstations where the application vendor’s software might be used will let the IT and compliance teams identify “rogue” or innocently installed software.

Using a combined agent/inventory reader also reduces the enterprise’s resource needs for accurate record keeping. Separate applications for discovery and usage mean multiple databases that need to be kept up to date and in sync. A combined usage monitoring/discovery solution will also automatically keep information up to date, in contrast to periodic scans, which leave gaps in data gathering.

Cetrus Process Meter includes a real-time application monitoring agent and inventory reader/data discovery tool to help organizations keep on top of their software installations. Enterprises can show both that an application was not installed, and that it wasn’t used, to counter any false positives presented by an errant sniffing tool.

Try Process Meter and see how you can get inventory of workstation application installations, as well as identify usage, to help ensure desktop audit compliance. Just send an email to sales@cetrus.com and we’ll set up a no-charge trial.