Approved Application

written by ivynash

Hi,

I want to check the installed applications on all the clients against a white list (approved applications). A notification with the application details should be sent to the administrator when an application is installed which is not in the white list.

regards,

ivy

written by brolly3391

Hello Ivy,

You might consider using the regapps inspector to help with this along with a distributed whitelist file.

For instance, your whitelist file might be c:\whitelist.txt and it might contain the following list of whitelisted applications.

Acrobat.exe

acrodist.exe

BESClient.exe

BESConsole.exe

and the relevance to detect regapps that were not in the whitelist file would look something like this:

names of regapps whose ((content of file "c:\whitelist.txt" as lowercase) does not contain (name of it as lowercase))

or

exists regapps whose ((content of file "c:\whitelist.txt" as lowercase) does not contain (name of it as lowercase))

You could use those two items to set up an analysis and then use web reporting to send off an E-mail report whenever a client violates the whitelist.

Cheers,

Brolly

written by ivynash

Hi Brolly,

I tried the relevance which you had given, but it didn’t work. I created the white list file “c:\whitelist.txt” with “unique values of names of regapps”. After this I uninstalled WinRAR and used “names of regapps whose ((content of file "c:\whitelist.txt" as lowercase) does not contain (name of it as lowercase))” to get the result, but it showed blank. I tried “exists regapps whose ((content of file "c:\whitelist.txt" as lowercase) does not contain (name of it as lowercase))” and it showed false.

When I manually remove an entry in “whitelist.txt” it will work.

* Will regapps display all the programs installed?

written by brolly3391

Hello Ivy,

Regapps displays all applications that registered with Windows when they installed. It will not show applications that have not been registered with Windows. I suspect that for whatever reason, WinRAR does not register with Windows. You can get an idea of what regapps will return by looking at the “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths” keys in the registry.

If WinRar.exe is in your whitelist.txt then uninstalling it would not have changed the return value of the relevance. Whitelist.txt should be a list of the programs that are allowed to be installed.

Try this instead.

Uninstall Winrar on your test system.

Generate your whitelist.txt and make sure that WinRar.exe is not in it.

Run the above relevance - it should return no violations.

Now install WinRar.exe and evaluate the relevance again. WinRar.exe should show up as an application that is not on the whitelist and thus be in violation.

As a side note, whitelisting applications has never been easy with the Windows OS.

Cheers,

Brolly
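
An added example, not part of the original thread and not BigFix code: a Python model of the whitelist check discussed above, run on constructed regapps lists. It replays the test procedure from the last post and also shows that the `contains` comparison is a substring match over the whole file, so a name that is only part of an approved entry is not reported, while a line-by-line comparison reports it. The function names and the sample name `dist.exe` are assumptions made for illustration.

```python
# Added example: models the thread's whitelist relevance on constructed data.

def parse_whitelist(text):
    """One approved executable name per line; tolerates CRLF, blank lines, stray spaces."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}

def violations_substring(regapp_names, whitelist_text):
    """Same test as the relevance in the thread:
    (content of file as lowercase) does not contain (name of it as lowercase)."""
    content = whitelist_text.lower()
    return [n for n in regapp_names if n.lower() not in content]

def violations_exact(regapp_names, whitelist_text):
    """Stricter variant: a name passes only if it equals a whole whitelist line."""
    approved = parse_whitelist(whitelist_text)
    return [n for n in regapp_names if n.strip().lower() not in approved]

# Constructed whitelist.txt content: the four names from the thread, CRLF line ends.
WHITELIST = "Acrobat.exe\r\nacrodist.exe\r\nBESClient.exe\r\nBESConsole.exe\r\n"

# Constructed regapps results for three states of a test client.
BASELINE = ["Acrobat.exe", "acrodist.exe", "BESClient.exe", "BESConsole.exe"]
AFTER_INSTALL = BASELINE + ["WinRAR.exe"]   # WinRAR installed after the whitelist was made
PARTIAL_NAME = BASELINE + ["dist.exe"]      # hypothetical name, a substring of acrodist.exe

def report(label, names):
    """Print and return the violations found by both comparison methods."""
    sub = violations_substring(names, WHITELIST)
    exact = violations_exact(names, WHITELIST)
    print(f"{label:14} substring={sub} exact={exact}")
    return sub, exact

if __name__ == "__main__":
    report("baseline", BASELINE)
    report("after install", AFTER_INSTALL)
    report("partial name", PARTIAL_NAME)
```
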