Analysis: Find file name in folder path (on Mac client)

I’m trying to find out what SEP version 14 (Symantec Endpoint Protection) definition (def) is currently on a Mac client.

I know the folder path is:
"/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/"

and that the file that I’d be looking for starts with “20” (for now it would be “2018…”, later “2019”, etc.)

I set up an analysis to retrieve a property for this, using the following relevance:

name of files whose (name of it as lowercase starts with "20") of folder "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/"

Unfortunately I’m not getting back any results for that part of my analysis. Suggestions on what is wrong here?

We’re still using SEP 12 in my environment, which seems to store the definitions in a different place, but here’s what I use.

(name of it) of items 1 of (maximum of modification times of folders whose(name of it starts with "20") of it, folders whose(name of it starts with "20" of it) of it) whose (item 0 of it = modification time of item 1 of it) of folder "/Library/Application Support/Symantec/AntiVirus"

{ Homer Simpson }
D’oh!
{ / Homer Simpson }

Found the issue with the original code. I was looking for a FILE, should have been looking for name of folder, not file.

Once I changed to looking for name of folder, the analysis works as intended.

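A local cross-check for the file-versus-folder mix-up resolved above, as an added example that is not part of the original thread: a shell function to run on the Mac client that reports the newest entry starting with "20" in the definitions directory, separately for folders and for regular files. The function names are hypothetical, and it assumes the entry names sort chronologically when sorted as text.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Default path is the one quoted in the thread.
DEFS_DIR_DEFAULT="/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs"

# latest_def DIR KIND
# Prints the greatest name starting with "20" among folders (KIND=d) or
# regular files (KIND=f) directly inside DIR. Prints nothing if none match.
# Assumption: names sort chronologically as text (date-like prefixes).
latest_def() {
    dir=$1; kind=$2; best=""
    [ -d "$dir" ] || return 1
    for entry in "$dir"/20*; do
        # An unmatched glob stays literal; the type tests below reject it.
        case $kind in
            d) [ -d "$entry" ] || continue ;;
            f) [ -f "$entry" ] || continue ;;
            *) return 2 ;;
        esac
        # Globs expand in sorted order, so the last match is the greatest.
        best=${entry##*/}
    done
    [ -n "$best" ] && printf '%s\n' "$best"
    return 0
}

# report_defs [DIR]
# One-line summary showing which entry type actually holds the definitions.
report_defs() {
    dir=${1:-$DEFS_DIR_DEFAULT}
    d=$(latest_def "$dir" d) || { echo "missing: $dir"; return 1; }
    f=$(latest_def "$dir" f)
    echo "folder=${d:-none} file=${f:-none}"
}
```

Calling `report_defs` with no argument checks the path from the thread; a result of `file=none` alongside a folder name matches the finding that the definition set is a folder, which is why the `files whose` query returned nothing.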