DWORD relevance

(imported topic written by fnovento91)

Can I use this for REG_DWORD?

value A: 498 ( hex )

Q: exists key whose (Value "A" of it = "498" ) of key "HKEY_LOCAL_MACHINE\SOFTWARE" of registry

(imported comment written by BenKus)

Is this what you are looking for:

exists (Value "A" of it = hexadecimal integer ("498") ) of key "HKEY_LOCAL_MACHINE\SOFTWARE\keyname" of registry

Ben

(imported comment written by fnovento91)

Ben,

Say the value of A (REG_DWORD) is 3c in hexadecimal or 60 in decimal.

When I run your query

exist ( Value "A" of it = hexadecimal integer("3c")) of key "HKEY_LOCAL_MACHINE\SOFTWARE\keyname" of registry

it gives me True,

but when I change 3c to other values, say a or b or c…

it gives me True also?

Shouldn’t it give me False?

(imported comment written by BenKus)

Oops! I made a mistake when I sent it to you… You are correct that this query will always return true if the value exists…

This is what I should have sent:

exist value "A" whose (it = hexadecimal integer("498")) of key "HKEY_LOCAL_MACHINE\SOFTWARE\keyname" of registry

Ben

(imported comment written by tigger0191)

Hello,

Using the relevance above as an example I have made this relevance statement below:

exist key "HKLM\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion" whose (value "ProductVersion" of it != hexadecimal integer ("524289018")) of registry

Now, on the server that I am testing with, the value is 524289018, as shown in the attachment, and yet it evaluates using the relevance debugger on the server in question to True. What gives? Am I misunderstanding how relevance for hex integers works? Thanks in advance for your help.

Eric

(imported comment written by tigger0191)

Sorry, I read on and found that Ben replied with a different relevance arrangement. So I tried:

exist value "ProductVersion" whose (it = hexadecimal integer("524289018")) of key "HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion" of registry

This relevance statement evaluates to False. Shouldn’t it evaluate to True? Again, the value in the registry is 524289018.

(imported comment written by BenKus)

Hey tigger,

If you did want to compare the hexadecimal version, you would use the hexadecimal string from the registry:

exist value "ProductVersion" whose (it = hexadecimal integer("1f4003fa")) of key "HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion" of registry

But… there is probably no reason to bother with hex so you can just compare the integers:

exist value "ProductVersion" whose (it as integer = 524289018) of key "HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion" of registry

And remember that BigFix is partnering with Trend Micro now to offer AntiVirus powered by Trend Micro and managed through your BigFix platform… so if that AV product in your relevance is not meeting your expectations, then feel free to ask us about our new integration :)

Ben

(imported comment written by tigger0191)

Thanks Ben. Works like a charm.