SEPM: Internals of Application Learning Feature

A SEP client with the Application Learning feature enabled tracks every application that runs on it and forwards this information to the SEPM.

The SEPM processes this data and inserts parts of it into two different database tables:

  1. COMPUTER_APPLICATION and
  2. SEM_APPLICATION.

The SEM_APPLICATION table is essentially a list of all learned applications (file hash, executable file name, file path, file size, version, etc.).

The COMPUTER_APPLICATION table contains data on the “who”, “what”, and “when” of learned applications. Essentially, it is a list of which machines encountered which applications, and when.

Application Learning is not designed to be deployed across an environment permanently. It is designed to be deployed to specific test machines, or for a short period after SEPM installation, to build a list of the common applications in an environment. This list of applications can then be used to build application-based firewall rules or System Lockdown policies.

Leaving Application Learning enabled indefinitely will always result in the COMPUTER_APPLICATION table growing very large: multiply the number of unique executables in your environment by the number of SEP clients with Application Learning enabled and you have an idea of how many rows you can expect.

This can result in migration failures due to limitations of the Java virtual machine and SQL. You need to have these tables cleaned up as explained in the article “Fix SEPM consuming high CPU resources on remote SQL DB server”.
