Best practices for detecting software installations

You can use Datto RMM to monitor Windows endpoints in order to detect software installations.

EXAMPLE  In the following scenario, a customer has a number of Windows endpoints that should never have additional software installed. These endpoints may be point-of-sale devices, wallboards, library devices, and so forth.

End users may have local admin rights, and there is no way to track if additional, unwanted, or unnecessary software is being installed on the Windows endpoints. The additional software could be lowering the overall security of the endpoint or changing the device's intended use.

First, search for and download the List Software Installation Actions [WIN] component, available from the ComStore. Refer to ComStore.

Next, you can add the Windows: Software Installation Monitor best practice Monitoring policy to your policies. Refer to Best practice Monitoring policies.

IMPORTANT  Be sure to configure the target of the Monitoring policy to only target the devices to which you intend to add this Monitoring policy. By default, the policy will be added to all Windows desktops and all Windows servers.

You then need to add the List Software Installations [WIN] component you downloaded as an automatic response to the Event Log monitor contained within the software installation Monitoring policy.

Summary

You now have a monitor that will detect when a Microsoft installer (MSI)-based software installation has taken place on an endpoint. The monitor will then automatically execute the List Software Installations [WIN] component to retrieve the name of the application that was just installed.