# Understanding Collector

You must install an endpoint agent on all devices you want to connect to the Nexthink platform and allow the collection of relevant metrics.

The following sections explain the features of endpoint agents in detail. See the [Installing Collector](/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector.md) documentation to learn which endpoint agent applies to your infrastructure scale and type, and how to configure and deploy it.

***

## VDI Client Extension

The Nexthink VDI Client Extension is a lightweight agent for endpoint devices connected to virtual desktop environments (VDIs). The extension sends only relevant data to the Nexthink instance from devices on which Nexthink Collector cannot be installed.

The Nexthink VDI Client Extension only sends relevant data while the device is connected to a VDI environment with Nexthink Collector running on it. No data is collected or sent when you are not connected or connected to a VDI environment without a Nexthink Collector running on it.

Any necessary configuration is done on the connector that is installed on the VM. The connector communicates all configuration changes to the extension that is running on the client device.

See the [VDI Experience FAQ](/platform/user-guide/vdi-experience/vdi-experience-faq.md) to find answers to common questions regarding VDI, for example, deployment scenarios.

### Metrics collected by the VDI Client Extension

The VM might expose some client information, such as:

* `client device name`
* `local ip`
* `client app version`
* `client platform`

Installing the VDI Client Extension improves the reliability and accessibility of these fields.

Furthermore, the extension provides the following performance metrics:

* `network bytes/s in/out`
* `network packets in/out`
* `network errors in/out`
* `normalized cpu usage`
* `wifi signal strength`
* `wifi transmission rate`
* `wired link speed`
* `wan latency` — This metric is available if a ping server is specified for the Collector running in the VM.

***

## Nexthink Collector

Nexthink Collector is a lightweight agent based on patented technology that gathers hardware, software and activity data from the devices within your organization. It captures and reports network connections, program executions, installations, and many other activities and properties from employee devices on which it runs. Collector also enables employee engagement through feedback retrieval, as well as remotely acting on the device when required.

It is implemented as a kernel driver and accompanying modules, offering remote and automated silent installations with negligible impact on system performance while minimizing network traffic.

{% hint style="info" %}
The [Nexthink VDI Client Extension](#download-the-extension) is included as a component in Nexthink Collector, therefore you do not need to install it separately on company-managed devices accessing virtual environments.

For **company-managed devices**, see the [Installing Collector on Windows](/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/installing-collector-on-windows.md) documentation to learn how to install Collector.
{% endhint %}

### How Collector works <a href="#how-collector-works" id="how-collector-works"></a>

Collector is built around a modular architecture. A central coordination module manages the connection to Nexthink and controls the lifecycle of all other modules, starting, monitoring, and restarting them as needed. Each module is responsible for a specific capability: device performance monitoring, network connectivity tracking, user session recording, software inventory, employee engagement, or remote actions.

The data Collector gathers maps directly to the namespaces you query in NQL, such as:

* `device_performance`
* `connectivity`
* `session`
* `package`
* `web`

This page lists the modules, filenames, and file paths on devices after installation, along with the registry keys and additional files created during installation.

### Collector features <a href="#collectoroverview-features" id="collectoroverview-features"></a>

* **Multiplatform**: Collector is available for both Windows and macOS operating systems.
* **CrashGuard**: Since the Windows driver is a kernel-mode component, any error in its internals or its interaction with a misbehaving third-party driver can lead to system instabilities. Even with Nexthink striving as hard as possible to deliver bug-free software, the principle of precaution holds. The CrashGuard feature, available on Windows only, detects every system crash and, by default, disables the Collector driver if the system crashes more than five times in a row after installation.
* **Reliable data delivery**: When the connection to Nexthink is temporarily unavailable, Collector does not discard data. Depending on the type of telemetry, data is buffered and retried for up to 15 minutes, or persisted locally for up to 7 days and guaranteed for delivery once connectivity is restored. A change in network interface is transparent to Collector and does not interrupt data collection.
* **On-the-fly configuration**: Applying changes to the configuration or updating Collector does not require a restart of the operating system. Changes take effect without interrupting the employee’s work.
* **Code signed software**: To load and run Nexthink Collector on Windows devices, kernel components are signed with an official Microsoft certificate. User-space components are also signed with a valid Nexthink certificate.\
  To run Collector on macOS devices, the macOS Collector is signed with Nexthink's Developer ID certificate and follows the Apple notarization process.

***

## Collector modules <a href="#collectoroverview-collectorcomponents" id="collectoroverview-collectorcomponents"></a>

The following tables list all Collector modules. File locations are in the Windows and macOS [#componentsofcollector-registrykeys-1](#componentsofcollector-registrykeys-1 "mention") sections.

### Core

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Connectivity</td><td><code>nxtconnectivity.exe</code></td><td><code>nxtconnectivity</code></td><td>Monitors network interface state and connectivity events, available in the connectivity namespace. Available from Collector version 25.9.</td></tr><tr><td>Coordinator</td><td><code>nxtcoordinator.exe</code></td><td><code>nxtcoordinator</code></td><td>Manages the connection between the device and the Nexthink platform, and coordinates all other Collector modules</td></tr><tr><td>Core data collection</td><td><code>nxtsvc.exe</code></td><td><code>nxtsvc.app</code></td><td>Collects core device data: running processes, network connections, hardware information, and application activity. Also provides the data used in VDI environments.</td></tr><tr><td>Device Data</td><td><code>nxtcltdd.exe</code></td><td><code>nxtcltdd</code></td><td>Collects device performance metrics, CPU, memory, disk utilization, and hardware inventory, available in the <code>device_performance</code> namespace. Available from Collector version 25.7.</td></tr><tr><td>Packages</td><td><code>nxtpackages.exe</code></td><td><code>nxtpackages</code></td><td>Gathers installed software inventory with minimal performance impact, available in the package namespace. Available from Collector version 25.10.</td></tr><tr><td>Sessions</td><td><code>nxtsessions.exe</code></td><td><code>nxtsessions</code></td><td>Tracks session start/end events, logon duration, and session-level performance data, available in the session namespace. Available from Collector version 25.9.</td></tr></tbody></table>

### Application Experience

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Application Experience</td><td><code>nxtbsm.exe</code></td><td><code>nxtbsm</code></td><td>Monitors the performance and usage of web-based business applications, such as Salesforce, SAP, and Microsoft 365, using data collected by the Nexthink Browser Extension. Results are available in the web namespace.</td></tr><tr><td>Application Experience helper</td><td><code>nxthostapp.exe</code></td><td><code>nxthostapp</code></td><td><strong>(Background service)</strong> Forwards data from the Nexthink Browser Extension to the Application Experience module</td></tr></tbody></table>

### **Employee Engagement (Campaigns)**

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Campaigns backend</td><td><code>nxteufb.exe</code></td><td><code>nxteufb</code></td><td>Coordinates the delivery of Campaigns to employees and the collection of their responses</td></tr><tr><td>Campaigns tray</td><td><code>nxtray.exe</code></td><td><code>nxtray.app</code></td><td>Displays Campaigns and notifications to the employee</td></tr><tr><td>Campaigns tray (updated)</td><td>—</td><td><code>Engage Campaign.app</code></td><td>Displays Campaigns and notifications using the updated experience</td></tr></tbody></table>

### Remote Actions

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Campaigns trigger</td><td><code>nxtcampaignaction.dll</code></td><td>n/a</td><td><strong>(Background service)</strong> Allows remote action scripts to trigger Campaigns on the device</td></tr><tr><td>Data on demand</td><td><code>nxtdatasrv.exe</code></td><td><code>nxtdatasrv</code></td><td><strong>(Background service)</strong> Provides on-demand device data to the Nexthink AI troubleshooting agents. Available from Collector 26.3.</td></tr><tr><td>Remote Actions engine</td><td><code>nxtcod.exe</code></td><td><code>nxtcod.app</code></td><td>Executes remote actions sent from the Nexthink platform and returns the results</td></tr></tbody></table>

### AI Drive

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>AI Drive</td><td><code>nxtcltic.exe</code></td><td>n/a</td><td>Captures data about employee interactions with AI assistants in Microsoft Teams. Available from Collector version 25.8.</td></tr></tbody></table>

### VDI Experience

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>VDI Client Extension</td><td><code>nxtdvc64.dll</code> / <code>nxtdvc32.dll</code></td><td>—</td><td>Delivers VDI-specific client metrics when a device is connected to a virtual desktop environment. Provides additional device attributes in Citrix environments.</td></tr></tbody></table>

### Background services

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Child session manager</td><td><code>nxtcupm.exe</code></td><td>n/a</td><td><strong>(Background service)</strong> Manages per-user-session modules</td></tr><tr><td>User session monitor</td><td><code>nxtusm.exe</code></td><td><code>nxtusm</code></td><td><strong>(Background service)</strong> Collects user activity data within each interactive session</td></tr></tbody></table>

### Updates

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Automatic updates</td><td><code>nxtupdater.exe</code></td><td><code>nxtupdater.app</code></td><td>Handles automatic Collector updates</td></tr><tr><td>Critical security updater</td><td><code>nxtcssu.exe</code></td><td>—</td><td>Handles urgent security and stability updates</td></tr></tbody></table>

### Diagnostics

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Diagnostic reporter</td><td><code>nxtreporter.exe</code></td><td><code>reporter</code></td><td>Generates a diagnostic bundle for troubleshooting. Used when requested by Nexthink Support.</td></tr><tr><td>Configuration tool</td><td><code>nxtcfg.exe</code></td><td>n/a</td><td>(Windows only) Command-line tool for inspecting and modifying Collector configuration</td></tr></tbody></table>

### Kernel components — Windows only

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Description</th></tr></thead><tbody><tr><td>Main kernel driver</td><td><code>nxtrdrv.sys</code></td><td>n/a</td><td><strong>(Kernel component)</strong> Low-level driver for monitoring process and file activity</td></tr><tr><td>Network kernel driver</td><td><code>nxtrdrv5.sys</code></td><td>n/a</td><td><strong>(Kernel component)</strong> Low-level driver for capturing network traffic</td></tr><tr><td>User activity library</td><td><code>nxtdll.dll</code></td><td>n/a</td><td><strong>(Kernel component)</strong> Injected library for monitoring user activity signals</td></tr></tbody></table>

### Deprecated modules <a href="#componentsofcollector-registrykeys" id="componentsofcollector-registrykeys"></a>

<table data-full-width="true"><thead><tr><th>Module</th><th>Windows</th><th>macOS</th><th>Deprecated since</th><th>Notes</th></tr></thead><tbody><tr><td>Diagnostic reporter (legacy)</td><td><code>nxtreporter.exe</code></td><td>n/a</td><td>—</td><td>Replaced by the reporter script</td></tr></tbody></table>

***

## Installation details <a href="#componentsofcollector-registrykeys" id="componentsofcollector-registrykeys"></a>

### Windows Collector

The following table lists the files installed on Windows and their locations.

<table data-full-width="true"><thead><tr><th width="254.75">Component</th><th width="380.5">File</th><th>Path</th></tr></thead><tbody><tr><td>Application Experience</td><td><code>nxtbsm.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\BSM</code></td></tr><tr><td>Application Experience helper</td><td><code>nxthostapp.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\BSM\hostapp</code></td></tr><tr><td>Application start time</td><td><code>nxtwpm.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Collector</code></td></tr><tr><td>Automatic updates</td><td><code>nxtupdater.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Coordinator</code></td></tr><tr><td>Campaigns backend</td><td><code>nxteufb.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Coordinator</code></td></tr><tr><td>Campaigns tray</td><td><ul><li><code>nxtray.exe</code></li><li><code>nxtray.exe.config</code></li></ul></td><td><code>%ProgramFiles%\Nexthink\Collector\Engage</code></td></tr><tr><td>Campaigns trigger</td><td><code>nxtcampaignaction.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\RemoteActions</code></td></tr><tr><td>Configuration tool</td><td><code>nxtcfg.exe</code></td><td><code>%Windows%\System32</code></td></tr><tr><td>Coordinator</td><td><code>nxtcoordinator.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Coordinator</code></td></tr><tr><td>Core data collection</td><td><code>nxtsvc.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Collector</code></td></tr><tr><td>Critical security updater</td><td><code>nxtcssu.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Coordinator</code></td></tr><tr><td>Diagnostic reporter</td><td><code>nxtreporter.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Reporter</code></td></tr><tr><td>Event log provider</td><td><code>nxteventprovider.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Collector</code></td></tr><tr><td>Immersive apps</td><td><code>nxtwrt.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Collector</code></td></tr><tr><td>Main kernel driver</td><td><code>nxtrdrv.sys</code></td><td><code>%Windows%\System32\drivers</code></td></tr><tr><td>Network kernel driver</td><td><code>nxtrdrv5.sys</code></td><td><code>%Windows%\System32\drivers</code></td></tr><tr><td>OpenSSL</td><td><code>libcrypto-1_1-x64.dll</code> / <code>libssl-1_1-x64.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Coordinator</code></td></tr><tr><td>Remote Actions engine</td><td><code>nxtcod.exe</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Coordinator</code></td></tr><tr><td>Remote Actions library</td><td><code>nxtremoteactions.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\RemoteActions</code></td></tr><tr><td>User activity library</td><td><code>nxtdll.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Collector</code></td></tr><tr><td>VDI Client Extension</td><td><code>nxtdvc64.dll</code> / <code>nxtdvc32.dll</code></td><td><code>%ProgramFiles%\Nexthink\Collector\Plugins</code></td></tr></tbody></table>

#### Registry keys <a href="#componentsofcollector-registrykeys" id="componentsofcollector-registrykeys"></a>

During installation, Collector creates the following keys in Windows Registry:

```
HKEY_CLASSES_ROOT\nxtrayproto
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\Collector
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\Collector\AppStartTime
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\DN
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\RebootMarker
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\RemoteActions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Nexthink Collector
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\params
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\COD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\EndUserFeedback
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\Updater
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Nexthink Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Nexthink Service\runtime_stats
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv\params
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv5\Parameters\Wdf
HKEY_LOCAL_MACHINE\SYSTEM\Nexthink\Updater
HKEY_USERS\S-1-5-21-[X-X-X-X]\SOFTWARE\NEXThink\NxTray
```

#### Log files

Each Collector module writes the following logs to `%windir%`, named after the module binary, with up to two rotated backups (`.1.log` and `.2.log`). Tray application logs are written to `%temp%`.

* `%windir%\nxtsvc.log`
* `%windir%\nxtcoordinator.log`
* `%windir%\nxteufb.log`
* `%windir%\nxtcod.log`
* `%windir%\nxtupdater.log`
* `%temp%\nxtray.log`
* `%temp%\nxtray.log.<timestamp>`

Windows creates a cached copy of the kernel drivers in folders named after the driver, followed by a unique version identifier, under the following path:

* `%windir%\System32\DRVSTORE`

### macOS Collector <a href="#componentsofcollector-maccollector" id="componentsofcollector-maccollector"></a>

All macOS Collector modules are installed in `/Library/Application Support/Nexthink`. For the full list of module binaries, see the Collector modules table above. The `config.json` file in that directory contains the installed Collector version, live connection status, enabled features, and runtime configuration including assignment tags and privacy settings.

#### Log files <a href="#componentsofcollector-files" id="componentsofcollector-files"></a>

System-level module logs are in `/Library/Logs/`, named after the module binary, such as `nxtcoordinator.log` or `nxtcod.log`. Per-user logs are in `/Users/{username}/Library/Logs/`, using the format `{module}.{userID}.log`.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/collector-overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.