I’m trying to get the Publisher of every instance of Java.exe running on company computers. The path name leading to Java.exe would be extremely helpful as well, along with the version. We have an audit upcoming and I need to produce this information but I’m having difficulty. Any help with a quick Analyses would be great. Thanks.
You could do this with Bigfix even without BFI but you’d need to do it as task followed by a property. First scan for the file with a basic DIR /b command and output the results to a text file, then process the text file with a property. This is an approach I’ve used to search for names files that I would then process using properties, eg obtain the size and SHA1 of the detected files. I use a task with the following action to accomplish this (may need a different approach once Microsoft retire WMIC.exe)
// Turn off wow redirection otherwise System32 folder search gets skipped due to redirection
action uses wow64 redirection false
// Ask for the file name to search
action parameter query "FILENAME" with description "Please enter the filename you wish to search for" with default "java.exe"
// Set parameters to create results file and completion flag tracker
parameter "outfile"="{expand environment string of "%25TEMP%25" as string & "\" & (concatenation "_" of substrings separated by "." of (parameter "FILENAME")) & ".txt"}"
parameter "searching"="{expand environment string of "%25TEMP%25" as string & "\" & (concatenation "_" of substrings separated by "." of (parameter "FILENAME")) & "_SearchIsRunning.txt"}"
delete {parameter "outfile"}
delete {parameter "searching"}
// Create a marker file which is then used by the property relevance to avoid trying to inspect a file that is still being generated
// Run the DIR command after creating the marker file then delete the marker file so the property can read the results of only a completed scan
createfile until EOF
echo. > {parameter "searching"}
for /f "tokens=2 delims==:" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do @dir %%d:\{parameter "FILENAME"} /s /b >> {parameter "outfile"}
del {parameter "searching"}"
EOF
delete FindFiles.cmd
copy __createfile FindFiles.cmd
runhidden FindFiles.cmd
Then create a property to scan the list to discovered file and process them to meet your specific requirements, in my case a get the pathname, size and sha1 of each discovered file. I use a flag file so I’m not trying to process the file while a scan is still running.
Q: if ((windows of operating system) and (not exists file (expand environment string of "%25TEMP%25" as string & "\java_exe_SearchIsRunning.txt") and (exists files (expand environment string of "%25TEMP%25" as string & "\java_exe.txt")))) then ((pathname of it, size of it, sha1 of it) of files (lines of files (expand environment string of "%25TEMP%25" as string & "\java_exe.txt"))) else (nothing)
A: C:\Windows\temp\java.exe, 7, 25c8696997470ce6ccb2f2c2921aca083f192ff6
T: 31.716 ms
I: plural ( string, integer, string )