Checking for Symantec service and version >=11

Hopefully the title says it all, but we are trying to find servers that are out of compliance so they can be upgraded. I am running this against ~7800 and it seems to fail on ~5700 servers. We feel that this number should be less than 1000.

This is the code that works in the Fixlet Debugger and passes on some but not the others even though they have version 11 or greater?

not exists (running service "SepMasterService") whose (version of it >= "11")

Any input would be greatly appreciated.

Thanks

I would recommend creating an analysis for this if you do not already have one to debug many of the possibilities. Make sure to set the report period for the analysis properties to once every 1 hour or less often. (once every 6 hours is what I would normally recommend)

This is related: https://bigfix.me/analysis/details/2994621

Here are some example properties that would be useful to debug this issue:

versions of services "SepMasterService"
exists running services "SepMasterService"
exists versions whose(it >= "11" as version) of services "SepMasterService"

Think of the Fixlet Debugger as the way to test relevance locally, and an analysis as the way to test relevance remotely.

Start local, get things working, then put it into an analysis to see how it works on all systems.

Also, the huge benefit of an analysis is that you can get back the actual data rather than just true/false. You should have an analysis property return the raw data that is used to build the true/false results so that you can really see what is going on.
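An added example, not part of any post in this thread: a Python model of how the raw analysis results can be used to break down why the original relevance reports a server. The expression is true when the service is missing or stopped as well as when the version is below 11. The sample rows, computer names and the helper functions are constructed for illustration, and the model assumes versions are dotted numbers and that a stopped service still reports its version.

```python
"""Triage of analysis results for the SepMasterService check (constructed data)."""
from collections import Counter

# Constructed sample rows: (computer, reported version or None, service running?)
# mirroring the analysis properties suggested earlier in the thread.
SAMPLE = [
    ("SRV-A", "12.1.6", True),
    ("SRV-B", "12.1.6", False),   # current version, but service stopped
    ("SRV-C", "11.0.7", True),
    ("SRV-D", "10.1.9", True),    # genuinely out of date
    ("SRV-E", None, False),       # service not present at all
    ("SRV-F", "9.0.3", False),
]

def parse_version(text):
    """Dotted version -> tuple of ints, so 9.x sorts below 11.x."""
    return tuple(int(part) for part in text.split("."))

def fixlet_relevant(version, running, minimum=(11,)):
    """Model of: not exists (running service ...) whose (version of it >= "11")."""
    return not (running and version is not None
                and parse_version(version) >= minimum)

def classify(version, running, minimum=(11,)):
    """Name the actual condition behind a result, using the raw data."""
    if version is None:
        return "service not found"
    old = parse_version(version) < minimum
    if not running:
        return "stopped, old version" if old else "stopped, version ok"
    return "running, old version" if old else "compliant"

def triage(rows):
    """Count the reason for every computer the Fixlet would report."""
    reasons = Counter()
    for _name, version, running in rows:
        if fixlet_relevant(version, running):
            reasons[classify(version, running)] += 1
    return reasons

if __name__ == "__main__":
    for reason, count in triage(SAMPLE).most_common():
        print(f"{count:3d}  {reason}")
```
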

We support multiple Operating Systems running SEP, and we needed to know which versions were installed (among other properties). We created an Analysis with a Property called SEP Version with the following Relevance (we’re going to need to add Linux clients to it soon) …

IF (Windows of Operating System) THEN (if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps" of registry) then ((if (exists value "SAVCE" of it AND exists file "rtvscan.exe" of (value "SAVCE" of it as folder)) then (version of file "rtvscan.exe" of (value "SAVCE" of it as folder) as string) else (if (exists value "SAVCE" of it AND exists file "rtvstart.exe" of (value "SAVCE" of it as folder)) then (version of file "rtvstart.exe" of (value "SAVCE" of it as folder) as string) else "Not Installed")) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps" of registry) else "Not Installed") ELSE (IF (Mac of Operating System) THEN IF (exists application whose (name of it as string as lowercase contains "symantec endpoint protection")) THEN (string "CFBundleShortVersionString" of dictionary of file ((pathname of application whose (name of it as string as lowercase contains "symantec endpoint protection")) & "/Contents/info.plist") as string) ELSE ("Not Installed") ELSE (nothing))