Check Registry for 2 conditions

Hi all, I am a newbie to BigFix and am unsuccessfully trying to run relevance to check a computer for an installed application, checking against display name and version. So far I have the following:

(exists key “HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall” whose (exists values ( whose (name of it = “DisplayName” AND it as string as lowercase = “ApplicationName” as lowercase of it) AND (whose (exists values ( whose (name of it = “DisplayVersion” AND it as string < " 11.x.x.x"))of it)of registry)

Welcome @Toros72. When posting, please use the </> tool to wrap around your sample code, otherwise the forum will convert your normal quotes to smart quotes, which makes pasting into Fixlet Debugger a real chore.

I like where you were headed with your code.

TRY this version of your code:

q: exists key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" whose (value "DisplayName" of it = "Application Name" AND value "DisplayVersion" of it < "11.0.0.0") of registry

Then consider this alternate version with some variations.

q: exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" whose (value "DisplayName" of it as string as lowercase = "Application Name" as lowercase AND value "DisplayVersion" of it as string as version< "11.0.0.0" as version) of x32 registry

Just a small reminder for when you put together your final relevance code OP.

Make sure, if you use the as lowercase cast, that what you're comparing it to is also lowercase. I’ve made that oops before and sat there scratching my head going “why isn’t this matching?!”

q: exists key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" whose (value "DisplayName" of it = "application name" AND value "DisplayVersion" of it < "11.0.0.0") of registry

q: exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" whose (value "DisplayName" of it as string as lowercase = "application name" as lowercase AND value "DisplayVersion" of it as string as version< "11.0.0.0" as version) of x32 registry

Notice how I only updated the “Application Name” in the first example. The second example doesn’t require it because the “Application Name” string in the second example is also cast as lowercase.

You can safely eliminate the as lowercase after “Application Name” in the second example if the “Application Name” string you provide is already all lowercase.

It sort of works individually, but when I try to combine them so it reads the Uninstall key for both the DisplayName and DisplayVersion, I get a false reading (even though it should be true, because I have it installed on my computer and am running relevancy locally with the debugger). So I am trying to get it to read the following key as an example: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall, and it should find DisplayName and DisplayVersion at the same time.

q: exists key whose (exists value "DisplayName" whose (it as string as lowercase contains "kaspersky endpoint security for windows" of it) of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" of registry
A: True
T: 1.340 ms

and

q: exists key whose (exists value "DisplayVersion" whose (it as string as version < "11.1.0.15919" of it) of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" of registry
A: True
T: 0.270 ms

How can I combine this into simple/elegant relevancy? So far I have hit a brick wall, as it does not give me the correct relevancy:

q: exists key whose (exists value "DisplayName" whose (it as string as lowercase contains "kaspersky endpoint security for windows" of it) of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" of registry AND exists key whose (exists value "DisplayVersion" whose (it as string as version > "11.1.0.15919" of it) of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" of registry
A: True
T: 2.166 ms

NOTE - this should be FALSE because I have the correct version installed and it is not greater than 11.1.0.15919

But it isn’t working individually - you are getting true for your query on DisplayVersion because there is a product installed with a version lower than your desired version, just not the product of interest.

Different product but:

 exists keys 
 whose
     (
       exists value "DisplayName" 
       whose
       (
         it as string = "IBM BigFix Client"
       )
       of it 
      and
       value "DisplayVersion" of it as string as version < "9.5.13"
     )
     of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of 
     (
       x32 registries; x64 registries
     )

Edit: I do note that you have already been given relevance that looks very similar to mine, but you persist in producing relevance where the underlying logic is wrong. If you ask for help and someone gives you a correct answer, please try to understand why their relevance works and yours doesn’t - we can’t magically change BigFix to produce the answers you want using incorrect logic.

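The logic error discussed in this thread, modelled in Python as an added example (not code from any poster, and not BigFix relevance): two separate "exists key" clauses can each be satisfied by a different Uninstall subkey, while a single whose clause requires one subkey to meet both conditions. The subkey data is constructed, and the function names and the `as_version` helper are hypothetical stand-ins for the relevance casts.

```python
# Constructed data: each dict stands in for one subkey of ...\Uninstall.
UNINSTALL = [
    {"DisplayName": "Kaspersky Endpoint Security for Windows",
     "DisplayVersion": "11.1.0.15919"},
    {"DisplayName": "Some Other Tool", "DisplayVersion": "9.5.13"},
    {"DisplayName": "Runtime Without Version"},  # no DisplayVersion value
]


def as_version(text):
    """Rough stand-in for 'as version': numeric fields, or None if unparsable."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def name_matches(key, wanted):
    # Lowercase both sides, as the replies advise for the 'as lowercase' cast.
    return wanted.lower() in key.get("DisplayName", "").lower()


def older_than(key, limit):
    have = as_version(key.get("DisplayVersion", ""))
    return have is not None and have < as_version(limit)


def split_check(keys, wanted, limit):
    """Two independent 'exists key whose ...' clauses joined with AND.
    Each clause may be satisfied by a different subkey."""
    return (any(name_matches(k, wanted) for k in keys)
            and any(older_than(k, limit) for k in keys))


def same_key_check(keys, wanted, limit):
    """Both conditions inside one whose clause: one subkey must satisfy both."""
    return any(name_matches(k, wanted) and older_than(k, limit) for k in keys)


def demo():
    wanted, limit = "Kaspersky Endpoint Security", "11.1.0.15919"
    return {
        "split": split_check(UNINSTALL, wanted, limit),       # other tool trips it
        "same_key": same_key_check(UNINSTALL, wanted, limit),  # installed == limit
        "string_compare": "9.5.13" < "11.1.0.15919",           # character order
        "version_compare": as_version("9.5.13") < as_version(limit),
    }


if __name__ == "__main__":
    print(demo())
```

The `string_compare` entry shows why the version cast matters: compared as plain strings, "9.5.13" sorts after "11.1.0.15919".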