Hi,
I try to take this command
get-wmiobject -class win32_quickfixengineering -filter "HotfixID = ‘KB979683’"
I try to change the command so it will fit but all the changes were wrong because I don’t know how to write relevance command
…and try to avoid using WMI in relevance, where possible. WMI can spawn other pricess that consume system resources and are not bound by the Bigfix client’s CPU throttling.
In another recent thread in this forum, someone found queries to win32_quickfixengineering in particular caused high resource usage from the TrustedInstaller service.
not exists (string values of properties “HotFixID” of it) whose(it starts with “KB2863058”) of select objects “HotFixID from Win32_QuickFixEngineering” of wmis
If you are specifically looking for KB979683, along the lines that @TimRice suggested, you could look at fixlets 10021120 or 1002113 that are the fixlet for the Vista version of KB979683 (MS10-021) and make a custom copy of them then update the detection for the platform specific to your requirements (the Microsoft article https://support.microsoft.com/en-us/help/979683/ms10-021-vulnerabilities-in-windows-kernel-could-allow-elevation-of-pr gives the file versions for other platforms). I have to echo the advice already given by @JasonWalker about using WMI. File or registry checks are much more efficient once you can figure out where patch related data might be, such as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageIndex