Bypass slow WMI queries. Instantly audit installed applications across remote endpoints by directly parsing the Windows Registry. Search for specific software or pull a complete system inventory in seconds.
SEE HOW IT WORKS[UHDC] INSTALLED SOFTWARE AUDIT
[i] Querying registry hives on LAPTOP-US-4829...
> Filtering by keyword: 'Adobe'...
[UHDC SUCCESS] Found 2 installed applications.
| Application Name | Version | Publisher |
|---|---|---|
| Adobe Acrobat Reader DC | 23.003.20244 | Adobe Systems Inc. |
| Adobe Creative Cloud | 5.10.0.573 | Adobe Systems Inc. |
Standard software auditing scripts rely on WMI, which is notoriously slow and resource-intensive. This engine bypasses WMI entirely, reading the raw registry hives to deliver results instantly without impacting the user's CPU.
Explicitly avoids the Win32_Product WMI class, which triggers a hidden MSI reconfiguration check for every installed app. This prevents the massive CPU spikes and event log spam associated with legacy auditing tools.
Simultaneously queries both the 64-bit and 32-bit (Wow6432Node) Uninstall registry keys to ensure no legacy applications are missed during the audit.
Supports partial keyword matching. Instead of pulling a list of 200 applications, technicians can pass a keyword (like "VPN" or "Office") to instantly filter the pipeline and return only relevant results.
Many junior techs are taught to use wmic product get name to find installed software. However, querying the Win32_Product class is dangerous because it triggers a consistency check that can accidentally reconfigure or repair installed MSIs, causing massive CPU spikes. The training engine teaches them how to safely parse the registry instead using Sysinternals PsExec and the native reg query command.
Opening the Control Panel, navigating to 'Programs and Features' (appwiz.cpl), and scrolling through the list of installed applications.
Win32_Product triggers a Windows Installer provider that performs a consistency check on every single MSI package installed on the system. If it finds a missing shortcut or corrupted icon, it will actually attempt to repair the application in the background. This causes massive CPU spikes, fills the Application Event Log with Event ID 1035 warnings, and can take minutes to complete. Reading the registry directly takes milliseconds and is completely non-destructive.HKEY_LOCAL_MACHINE (HKLM) hive, which contains software installed system-wide (for all users). It does not query HKEY_CURRENT_USER (HKCU), as doing so over WinRM under the SYSTEM context would only return the SYSTEM account's profile, not the active user's profile.