Understanding Collector
You must install an endpoint agent on all devices you want to connect to the Nexthink platform and allow the collection of relevant metrics.
The following sections explain the features of endpoint agents in detail. See the Installing Collector documentation to learn which endpoint agent applies to your infrastructure scale and type, and how to configure and deploy it.
VDI Client Extension
The Nexthink VDI Client Extension is a lightweight agent for endpoint devices connected to virtual desktop environments (VDIs). The extension sends only relevant data to the Nexthink instance from devices on which Nexthink Collector cannot be installed.
The Nexthink VDI Client Extension only sends relevant data while the device is connected to a VDI environment with Nexthink Collector running on it. No data is collected or sent when you are not connected or connected to a VDI environment without a Nexthink Collector running on it.
Any necessary configuration is done on the connector that is installed on the VM. The connector communicates all configuration changes to the extension that is running on the client device.
See the VDI Experience FAQ to find answers to common questions regarding VDI, for example, deployment scenarios.
Metrics collected by the VDI Client Extension
The VM might expose some client information, such as:
client device namelocal ipclient app versionclient platform
Installing the VDI Client Extension improves the reliability and accessibility of these fields.
Furthermore, the extension provides the following performance metrics:
network bytes/s in/outnetwork packets in/outnetwork errors in/outnormalized cpu usagewifi signal strengthwifi transmission ratewired link speedwan latency— This metric is available if a ping server is specified for the Collector running in the VM.
Nexthink Collector
Nexthink Collector is a lightweight agent based on patented technology that gathers hardware, software and activity data from the devices within your organization. It captures and reports network connections, program executions, installations, and many other activities and properties from employee devices on which it runs. Collector also enables employee engagement through feedback retrieval, as well as remotely acting on the device when required.
It is implemented as a kernel driver and accompanying modules, offering remote and automated silent installations with negligible impact on system performance while minimizing network traffic.
The Nexthink VDI Client Extension is included as a component in Nexthink Collector, therefore you do not need to install it separately on company-managed devices accessing virtual environments.
For company-managed devices, see the Installing Collector on Windows documentation to learn how to install Collector.
How Collector works
Collector is built around a modular architecture. A central coordination module manages the connection to Nexthink and controls the lifecycle of all other modules, starting, monitoring, and restarting them as needed. Each module is responsible for a specific capability: device performance monitoring, network connectivity tracking, user session recording, software inventory, employee engagement, or remote actions.
The data Collector gathers maps directly to the namespaces you query in NQL, such as:
device_performanceconnectivitysessionpackageweb
This page lists the modules, filenames, and file paths on devices after installation, along with the registry keys and additional files created during installation.
Collector features
Multiplatform: Collector is available for both Windows and macOS operating systems.
CrashGuard: Since the Windows driver is a kernel-mode component, any error in its internals or its interaction with a misbehaving third-party driver can lead to system instabilities. Even with Nexthink striving as hard as possible to deliver bug-free software, the principle of precaution holds. The CrashGuard feature, available on Windows only, detects every system crash and, by default, disables the Collector driver if the system crashes more than five times in a row after installation.
Reliable data delivery: When the connection to Nexthink is temporarily unavailable, Collector does not discard data. Depending on the type of telemetry, data is buffered and retried for up to 15 minutes, or persisted locally for up to 7 days and guaranteed for delivery once connectivity is restored. A change in network interface is transparent to Collector and does not interrupt data collection.
On-the-fly configuration: Applying changes to the configuration or updating Collector does not require a restart of the operating system. Changes take effect without interrupting the employee’s work.
Code signed software:
To load and run Nexthink Collector on Windows devices, kernel components are signed with an official Microsoft certificate. User-space components are also signed with a valid Nexthink certificate.
To run Collector on macOS devices, the macOS Collector is signed with Nexthink's Developer ID certificate and follows the Apple notarization process.
Collector modules
This section list all Collector modules. File locations are in the Windows and macOS Installation details sections.
Core modules
The following modules are always enabled.
Coordinator
nxtcoordinator.exe
nxtcoordinator
Manages the connection between the device and the Nexthink platform, and coordinates all other Collector modules
Core data collection
nxtsvc.exe
nxtsvc.app
Collects core device data and binary executions and connections events
Device Connectivity
nxtconnectivity.exe
nxtconnectivity
Collects network interface state and connectivity metrics
Device Data
nxtcltdd.exe
nxtcltdd
Collects device performance metrics
Packages
nxtpackages.exe
nxtpackages
Collects installed software inventory
Sessions
nxtsessions.exe
nxtsessions
Tracks session start/end events, logon duration, and session-level performance data
Background services
nxtcupm.exenxtusm.exe
nxtusmnxtcupm
Manages the lifecycle of per-user-session modules
Windows kernel components
nxtrdrv.sysnxtrdrv5.sysnxtdll.dll
—
Low-level driver for monitoring process and file activity and network traffic
Diagnostics
Collector-Support-Script.ps1nxtcfg.exe
reporter
Manages Collector log collection and configuration changes
Updates
nxtupdater.exenxtcssu.exe
nxtupdater.app
Manages Collector updates
Feature related modules
The following modules are enabled based on the product licence and configuration.
Application Experience
nxtbsm.exenxthostapp.exe
nxtbsmnxthostapp
Monitors the performance and usage of web-based business applications
AI Drive
nxtcltic.exe
—
Captures AI usage metrics for AI Drive
Campaigns
nxteufb.exenxtray.exe
nxteufbnxtray.appEngage Campaign.app
Sends campaigns to employee devices and collects responses
Remote Actions
nxtcampaignaction.dllnxtdatasrv.exenxtcod.exe
nxtdatasrvnxtcod.app
Executes remote actions on user devices and sends results back to Nexthink
VDI Client Extension
nxtdvc64.dllnxtdvc32.dll
—
Collects VDI-specific client metrics
Deprecated modules
The following legacy module is deprecated and is replaced by the Diagnostic reporter:
Diagnostics module (Windows only):
nxtreporter.exe
Installation details
Windows Collector
The following table lists the files installed on Windows and their locations.
%ProgramFiles%\Nexthink\Collector\BSM
nxtbsm.exe
Application Experience
%ProgramFiles%\Nexthink\Collector\BSM\hostapp
nxthostapp.exe
Application Experience helper
%ProgramFiles%\Nexthink\Collector\Coordinator
nxtupdater.exe
Automatic updates
%ProgramFiles%\Nexthink\Collector\Coordinator
nxtcssu.exe
Automatic updates helper
%ProgramFiles%\Nexthink\Collector\Coordinator
nxteufb.exe
Campaigns backend
%ProgramFiles%\Nexthink\Collector\Coordinator
nxtcoordinator.exe
Coordinator
%ProgramFiles%\Nexthink\Collector\Coordinator
libcrypto-1_1-x64.dlllibssl-1_1-x64.dll
OpenSSL
%ProgramFiles%\Nexthink\Collector\Coordinator
nxtcod.exe
Remote Actions engine
%ProgramFiles%\Nexthink\Collector\Collector
nxtwpm.dll
Application start time
%ProgramFiles%\Nexthink\Collector\Collector
nxtdll.dll
User activity library
%ProgramFiles%\Nexthink\Collector\Collector
nxtsvc.exe
Core data collection
%ProgramFiles%\Nexthink\Collector\Collector
nxteventprovider.dll
Event log provider
%ProgramFiles%\Nexthink\Collector\Collector
nxtwrt.dll
Immersive apps
%ProgramFiles%\Nexthink\Collector\RemoteActions
nxtremoteactions.dll
Remote Actions library
%ProgramFiles%\Nexthink\Collector\RemoteActions
nxtcampaignaction.dll
Campaigns trigger
%ProgramFiles%\Nexthink\Collector\Engage
nxtray.exenxtray.exe.config
Campaigns tray
%Windows%\System32
nxtcfg.exe
Configuration tool
%Windows%\System32\drivers
nxtrdrv.sys
Main kernel driver
%Windows%\System32\drivers
nxtrdrv5.sys
Network kernel driver
%ProgramFiles%\Nexthink\Collector\Plugins
nxtdvc64.dllnxtdvc32.dll
VDI Client Extension
Registry keys
During installation, Collector creates the following keys in Windows Registry:
Log files
Each Collector module writes the following logs to %windir%, named after the module binary, with up to two rotated backups (.1.log and .2.log). Tray application logs are written to %temp%.
%windir%\nxtsvc.log%windir%\nxtcoordinator.log%windir%\nxteufb.log%windir%\nxtcod.log%windir%\nxtupdater.log%temp%\nxtray.log%temp%\nxtray.log.<timestamp>
Windows creates a cached copy of the kernel drivers in folders named after the driver, followed by a unique version identifier, under the following path:
%windir%\System32\DRVSTORE
macOS Collector
All macOS Collector modules are installed in /Library/Application Support/Nexthink. For the full list of module binaries, see the Collector modules table above. The config.json file in that directory contains the installed Collector version, live connection status, enabled features, and runtime configuration including assignment tags and privacy settings.
Log files
System-level module logs are in /Library/Logs/, named after the module binary, such as nxtcoordinator.log or nxtcod.log. Per-user logs are in /Users/{username}/Library/Logs/, using the format {module}.{userID}.log.
Last updated
Was this helpful?