How come a previously discovered asset will not be discovered on subsequent scans, disappear from my unmanaged assets list only to appear on a new scan?

Any number of things could cause this behavior – for example:

1) The asset has been deleted and ignoredeletedassets is set to 1 in the registry (HKLM\SOFTWARE\BigFix\Enterprise Server\AssetDiscovery\NMAP)

2) The asset has become managed, then unmanaged from scan to scan.

3) Firewall policies changed on said workstations from scan to scan.

If you scan one asset that is unmanaged – that asset will be stored in the database and appear in the unmanaged assets table. If you scan the same asset when it is down (e.g. that IP is unresponsive to ping), it will still persist in the unmanaged asset table. If the asset is scanned once again, it will again, still remain in the table but have an updated last scan time.

Why does this unmanaged asset appear/disappear on subsequent scan reports and in the console?

As previously stated – it might be due to a number of possible issues. For example, endpoint has firewall disabled, you scan and it shows up. If you turn on the endpoint's firewall, scan again, nmap gets confused and thinks its managed asset – therefore removed from table – flip off the firewall, scan again, and it shows up once more.

Is there a way to keep all discovered unmanaged assets within a certain timeframe in the BES database?

Assets that are determined to be managed or that are deleted by the user will not persist in the database. Currently there is not a setting to persist assets for a timeframe regardless of state – the closest you can get is to set filteroutclients to 0 (both managed and unmanaged assets will appear) and set ignoredeletedassets to 0 ( this is 0 by default – when you delete an asset, it will re-appear on subsequent scans). These settings can be found here: HKLM\SOFTWARE\BigFix\Enterprise Server\AssetDiscovery\NMAP.

For more information on Asset Discovery and how it works – check out these internal wiki links: