How to get modification date from CrowdStrike file C-00000291.*

Hello,

I’m trying to get the modification time from a file that starts with C-00000291.*

At the moment, it works if I have the full name, but I need to use only part of the name (whose name of it starts with "C-00000291"). Unfortunately, that did not work. Any ideas?

Working:
if (exists x64 file "c:\windows\system32\drivers\CrowdStrike\C-00000291-00000000-00000033.sys") then modification time of x64 file "c:\windows\system32\drivers\CrowdStrike\C-00000291-00000000-00000033.sys" as string else "File C-00000291*.sys does not exist"

Not working:
exists file whose (name of it starts with "C-00000291") of x64 folder "c:\windows\system32\drivers\CrowdStrike\C-00000291-00000000-00000033.sys"
Error: Singular expression refers to nonexistent object.

Maybe something like:

(names of it, modification times of it) of files whose (name of it as lowercase starts with "C-00000291" as lowercase) of x64 folder "C:\windows\system32\drivers\crowdstrike"

Also, consider keeping an eye on CrowdStrike Issue 2024-07-19 as I expect we’ll have more to share there that may help.

(you were quite close with your second query above, but included the file name in the folder reference…removing it should allow it to return properly: exists file whose (name of it starts with "C-00000291") of x64 folders "c:\windows\system32\drivers\CrowdStrike\")

1 Like

Thank you @Aram .

Just in case someone needs the full code:

if (exists files whose (name of it as lowercase starts with "C-00000291" as lowercase) of x64 folder "C:\windows\system32\drivers\crowdstrike") then (names of it, modification times of it) of files whose (name of it as lowercase starts with "C-00000291" as lowercase) of x64 folder "C:\windows\system32\drivers\crowdstrike" as string else "File C-00000291*.sys does not exist"

2 Likes