Find multiple files

Content Authoring
1

Hi guys,

I need to search for multiple files on the entire endpoints file system. The files can be in different paths and so I have to do a search on the whole file system. I have created a task that performs the following steps:

delete __appendfile
delete findfiles.bat
appendfile @echo off

appendfile del "c:\temp\myfiles.txt"

appendfile echo "{concatenation "" of pathnames of descendants whose (name of it as lowercase is "xxx.txt") of folders "\" of drives whose (type of it="DRIVE_FIXED")}" >> "c:\tmpIEM\myfiles.txt"

appendfile echo "{concatenation "" of pathnames of descendants whose (name of it as lowercase is "xxx.ini") of folders "\" of drives whose (type of it="DRIVE_FIXED")}" >> "c:\tmpIEM\myfiles.txt"

appendfile echo "{concatenation "" of pathnames of descendants whose (name of it as lowercase is "xxx.exe") of folders "\" of drives whose (type of it="DRIVE_FIXED")}" >> "c:\tmpIEM\myfiles.txt"

appendfile echo "{concatenation "" of pathnames of descendants whose (name of it as lowercase is "yyy.exe") of folders "\" of drives whose (type of it="DRIVE_FIXED")}" >> "c:\tmpIEM\myfiles.txt"
...
...
appendfile echo "{concatenation "" of pathnames of descendants whose (name of it as lowercase is "zzz.exe") of folders "\" of drives whose (type of it="DRIVE_FIXED")}" >> "c:\tmpIEM\myfiles.txt"

move __appendfile findfiles.bat

wait "{pathname of client folder of site "BESSupport"}\RunQuiet.exe" findfiles.bat 1>NUL 2>NUL

On some endpoints it terminates successfully without problems, while on others it fails. I guess it is due to a timeout problem because the whole process takes about 40 minutes.
On the local log file the error is as follows:


At 14:21:24 +0200 - actionsite (http://bfs.root.sys:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded appendfile echo “;” >> “c:\tmp\myfiles.txt” (action:471065)
At 14:22:58 +0200 - actionsite (http://bfs.root.sys:52311/cgi-bin/bfgather.exe/actionsite)
Command succeeded appendfile echo “;” >> “c:\tmp\myfiles.txt” (action:471065)
At 14:23:58 +0200 - actionsite (http://bfs.root.sys:52311/cgi-bin/bfgather.exe/actionsite)
Command failed (Relevance substitution failed) appendfile echo “{concatenation “” of pathnames of descendants whose (name of it as lowercase is “yyy.exe”) of folders “” of drives whose (type of it=“DRIVE_FIXED”) & “;”}” >> “c:\tmp\myfiles.txt” (action:471065)
At 14:23:58 +0200 -
ActionLogMessage: (action:471065) ending action

Do you also think that this is the problem?
Suggestions?

Thanks
Giorgio

2

Please edit your post to put the script and log into a code tag - there are special characters there that break the HTML formatting.
Highlight the text and hit the “code” format button -

Screenshot_20211005-141519_Chrome
Screenshot_20211005-141519_Chrome1080×570 161 KB

3

Hi Jason,

Sorry, now I’ve change the post.

Thanks
Giorgio

1 Like
4

No worries! This just makes it a lot easier to read what’s going on.

5

I’d recommend running the file scan itself outside of Relevance - in a ‘dir /s /b’ command we can scan the whole drive, for multiple filenames, and run outside of the client CPU throttling.

Check DHS Emergency Directive 21-01 - Sunburst - SolarWinds thread for “Method 2 Scan” for an example of doing this kind of scan.

1 Like