03-09-2026 11:08 AM
Hi everyone, quick question.
In my company we had several PCs with old versions of Notepad++ installed, and I created a script to remove them all via Cortex XDR .
Meanwhile, the team started installing the correct version via Microsoft System Center Configuration Manager (SCCM).
The question is: in the host-insights/apps some machines still appear as if they have the old version installed, but they actually don’t.
How long does it take for the PC to update the application inventory?
Is it necessary to force anything?
03-10-2026 06:13 AM
Hello @tlmarques,
Greetings for the day.
In Cortex XDR, the Host Inventory and application data are not updated in real-time. Here is the breakdown of how long updates take and how you can force them.
Agent Scan Cycle:
The Cortex XDR agent scans the endpoint for software changes every 24 hours. This scan is randomized upon initial execution to prevent server flooding and then runs at that same time daily.
Server Calculation:
Once the agent reports the data, the Cortex XDR server performs a recalculation of the application inventory, endpoints, and CVEs every 4 hours to update the Vulnerability Assessment and Host Insights pages.
If you need the information to reflect current changes immediately, you can trigger a manual update:
Rescan Specific Endpoints
In Vulnerability Assessment → Endpoints, select the affected machine and choose the Rescan endpoint action. This triggers an immediate scan on the agent to retrieve the latest list of installed applications.
Global Recalculate
Click the Recalculate button in the Host Inventory page to initiate a synchronization between the reported agent data and the console display.
On specific cases where Notepad++ versions continued to appear in Host Insights even after uninstallation.
If the rescan does not resolve the issue, consider the following:
Leftover Artifacts:
The scanner (often leveraging the Ivanti engine) may detect leftover files or registry keys from the old Notepad++ installation.
Scanner Discrepancy:
In some instances, the Ivanti collector might report an outdated version while the standard Windows InstalledApps.txt list shows the correct version. This often requires removing the lingering registry traces of the old version for the scanner to report accurately.
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".
Thanks & Regards,
S. Subashkar Sekar
03-10-2026 06:13 AM
Hello @tlmarques,
Greetings for the day.
In Cortex XDR, the Host Inventory and application data are not updated in real-time. Here is the breakdown of how long updates take and how you can force them.
Agent Scan Cycle:
The Cortex XDR agent scans the endpoint for software changes every 24 hours. This scan is randomized upon initial execution to prevent server flooding and then runs at that same time daily.
Server Calculation:
Once the agent reports the data, the Cortex XDR server performs a recalculation of the application inventory, endpoints, and CVEs every 4 hours to update the Vulnerability Assessment and Host Insights pages.
If you need the information to reflect current changes immediately, you can trigger a manual update:
Rescan Specific Endpoints
In Vulnerability Assessment → Endpoints, select the affected machine and choose the Rescan endpoint action. This triggers an immediate scan on the agent to retrieve the latest list of installed applications.
Global Recalculate
Click the Recalculate button in the Host Inventory page to initiate a synchronization between the reported agent data and the console display.
On specific cases where Notepad++ versions continued to appear in Host Insights even after uninstallation.
If the rescan does not resolve the issue, consider the following:
Leftover Artifacts:
The scanner (often leveraging the Ivanti engine) may detect leftover files or registry keys from the old Notepad++ installation.
Scanner Discrepancy:
In some instances, the Ivanti collector might report an outdated version while the standard Windows InstalledApps.txt list shows the correct version. This often requires removing the lingering registry traces of the old version for the scanner to report accurately.
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution".
Thanks & Regards,
S. Subashkar Sekar
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
