ActiveX Control Inventory

(imported topic written by Aram_Eblighatian)

Attached is an analysis that will collect downloaded ActiveX control information. It will report the ActiveX control name, publisher, GUID, file, and version similarly to the manage add-ons tool provided with the later versions of IE. It’s not necessarily finalized, but please let me know how it works, and if you have additional ideas/recommendations as far as what ActiveX control information we could collect.

(imported comment written by brolly3391)

Aram,

You never fail to impress me with your skill at relevance.

One thing I do notice is that the original scan of the CLSID aread of the registry takes a very long time. You use a very clever approach to get those keys where you concatenate the names of keys in the Code Store Database\Distribution Units reg area and use contains to iterate thoguth the CLSID area looking for matches.

q: names of keys whose ((concatenation of names of keys of key “HKLM\Software\Microsoft\Code Store Database\Distribution Units” of registry as string as lowercase) contains name of it as string as lowercase) of key “HKLM\Software\Classes\clsid” of registry

A: {4EC99A0B-E57C-4fbe-B9C4-8428424FBF88}

A: {62789780-B744-11D0-986B-00609731A21D}

A: {6414512B-B978-451D-A0D8-FCFDF33E833C}

A: {6e2510e6-bf2d-4c78-9f28-2f5c8760f124}

A: {82774781-8F4E-11D1-AB1C-0000F8773BF0}

A: {8AD9C840-044E-11D1-B3E9-00805F499D93}

A: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

A: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

A: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

A: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

A: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

A: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B}

T: 1800.282 ms

I: plural string

I propose this alternative. Instead of trolling the entire CLSID reg key looking for matches, drop the names of the Code Store Database\Distribution Units branch into the key inspector of the CLSID branch.

q: names of keys (names of keys of key “HKLM\Software\Microsoft\Code Store Database\Distribution Units” of registry) of key “HKLM\Software\Classes\clsid” of registry

A: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88}

A: {62789780-B744-11D0-986B-00609731A21D}

A: {6414512B-B978-451D-A0D8-FCFDF33E833C}

A: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124}

A: {82774781-8F4E-11D1-AB1C-0000F8773BF0}

A: {8AD9C840-044E-11D1-B3E9-00805F499D93}

A: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

A: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

A: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

A: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

A: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

A: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B}

T: 1.168 ms

I: plural string

Cheers,

Brolly

(imported comment written by BenKus)

Hey Brolly,

Would you mind posting an updated property that goes much faster?

Ben

(imported comment written by MrFixit)

The advantage of the way Aram had it originally is that it would be avoiding an result and report if there is nothing to report on. Probably can wrap it with an “exists” check to avoid the error and keep the speed but I didn’t spend any more time on it.

-Gary

(imported comment written by SystemAdmin)

I just found this thread today. After importing the Analysis, we are seeing the a result of “error” on some clients and others are showing “multiple results, error”, still others are reporting back just fine. The underlying error is “singular expression refers to a nonexistant object”.

(imported comment written by SystemAdmin)

This is similar in format to Aram’s code but runs 6 times faster (as the CLSID is only done once) in my tests 107ms vs 660ms.

items 0 of it whose (item 1 of it as lowercase contains item 0 of it as lowercase ) of (names of keys of key “HKLM\Software\Microsoft\Code Store Database\Distribution Units” of registry, it) of (concatenation “” of (names of keys of key (“HKLM\Software\Classes\clsid”) of registry))