I want to check installed applications on all the clients against a white list (approved applications). A notification with the application details should be sent to the administrator when an application is installed which is not in the white list.
I tried the relevance which you had given; it didn’t work. I created a white list file “c:\whitelist.txt” with “unique values of names of regapps”. After this I uninstalled WinRAR and used “names of regapps whose ((content of file "c:\whitelist.txt" as lowercase) does not contain (name of it as lowercase))” to get the result, but it showed blank. I tried “exists regapps whose ((content of file "c:\whitelist.txt" as lowercase) does not contain (name of it as lowercase))” and it showed false.
When I manually remove an entry in “whitelist.txt” it will work.
Will regapps display all the programs installed?
Regapps displays all applications that registered with Windows when they were installed. It will not show applications that have not been registered with Windows. I suspect that for whatever reason, WinRAR does not register with Windows. You can get an idea of what regapps will return by looking at the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths” keys in the registry.
If WinRar.exe is in your whitelist.txt then uninstalling it would not have changed the return value of the relevance. Whitelist.txt should be a list of the programs that are allowed to be installed.
Try this instead.
Uninstall Winrar on your test system.
Generate your whitelist.txt and make sure that WinRar.exe is not in it.
Run the above relevance - it should return no violations.
Now install WinRar.exe and evaluate the relevance again. WinRar.exe should show up as an application that is not on the whitelist and thus be in violation.
As a side note, whitelisting applications has never been easy with the Windows OS.
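Added example, not part of the original thread: a Python model of the whitelist comparison discussed above, run over constructed application names. It reproduces the two test sequences from the thread and also shows that the `contains` test is a substring match against the whole file, so a stricter whole-line comparison is included; all function and variable names are hypothetical.

```python
# Added illustration. Application names and whitelist text are constructed
# samples, not output from a real endpoint.

def substring_violations(installed, whitelist_text):
    """Model of the thread's expression: an app is flagged only when its
    lowercased name is NOT a substring of the lowercased file content."""
    content = whitelist_text.lower()
    return sorted(name for name in installed if name.lower() not in content)


def exact_violations(installed, whitelist_text):
    """Stricter variant: compare against whole, trimmed whitelist lines."""
    allowed = {line.strip().lower()
               for line in whitelist_text.splitlines() if line.strip()}
    return sorted(name for name in installed if name.lower() not in allowed)


def make_whitelist(installed):
    """Stand-in for saving 'unique values of names of regapps' to a file."""
    return "\n".join(sorted(set(installed)))


BASELINE = ["excel.exe", "iexplore.exe", "WinRAR.exe"]  # constructed sample

# Sequence 1: whitelist generated while WinRAR is installed, then WinRAR
# is uninstalled. Everything still installed is on the list.
WL_WITH_WINRAR = make_whitelist(BASELINE)
AFTER_UNINSTALL = [n for n in BASELINE if n != "WinRAR.exe"]

# Sequence 2: whitelist generated after the uninstall, then WinRAR is
# installed again. It is now the one name missing from the list.
WL_WITHOUT_WINRAR = make_whitelist(AFTER_UNINSTALL)

# Substring pitfall: "rar.exe" is contained in the "WinRAR.exe" line.
WITH_LOOKALIKE = BASELINE + ["rar.exe"]

if __name__ == "__main__":
    print("sequence 1:", substring_violations(AFTER_UNINSTALL, WL_WITH_WINRAR))
    print("sequence 2:", substring_violations(BASELINE, WL_WITHOUT_WINRAR))
    print("substring :", substring_violations(WITH_LOOKALIKE, WL_WITH_WINRAR))
    print("exact     :", exact_violations(WITH_LOOKALIKE, WL_WITH_WINRAR))
```
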