Laptop Compliance Fixlet

(imported topic written by Gman8291)

Hi,

I am working on a compliance Fixlet for our company LAptops which use CPM.

I have created a fixlet for the time being that will tell me if a laptop is compliant or not by looking at a few criteria.

To be compliant a laptop has to have had the following run within the timescales specified: “LastPatternUpdate” of CPM Client within last 5 days ; “LastRun” of Maintenance Window within last 7 Days and the “LastScanStartTime” of the CPM client is withi last 7 days.

Relevance:

Q: IF (Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time > now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time > now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time > now - 7*day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Device Compliant” ELSE “Device Not Compliant”

A: Device Not Compliant

However I would like to make the Relevance more complex to display specifically the reason(s) the laptop is not compliant, but i am struggling with what method to use in the relevance. ELSE IF THEN?!? for the various combinations??

I would like to complete the final relevance on my own…I just need a nudge in the right direction :slight_smile:

Thanks,

Gordon

(imported comment written by NoahSalzman)

Here is one approach, in pseudocode:

if

(is pattern update bad?)

then

Pattern update is bad!

else if

(is last run bad?)

then

Last run is bad!

else if

(is scantime bad?)

then

Scan time is bad!

else

Everything is OK!

(imported comment written by Gman8291)

Thanks Noah -I have just written some relevance to that effect. However it is not giving me the result i want. Its reporting “Everything is ok” even though i have changed some values…

Here is my new relevance. I have covered every outcome as far as i can see. Its got me really puzzled now as though had cracked it:

Q: IF (Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time > now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time > now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time < now - 7day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Not Compliant - Virus Scan Out of Date” ELSE IF(Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time > now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time < now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time > now - 7day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Not Compliant - Maintenance Window Out of Date” ELSE IF(Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time > now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time < now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time < now - 7day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Not Compliant - Maintenance Window & Virus Scan Out of Date” ELSE IF (Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time < now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time > now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time > now - 7day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Not Compliant - Virus Pattern Out of Date” ELSE IF (Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time < now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time > now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time < now - 7day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Not Compliant - Virus Pattern & Virus Scan Out of Date” ELSE IF(Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time < now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time < now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time > now - 7day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Not Compliant - Virus Definition & Maintenance Window Out of Date” ELSE IF(Exists key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists value “LastPatternUpdate” whose (it as time < now - 5day) of key “HKLM\SOFTWARE\BigFix\CPM\client” of registry) AND (exists key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists value “LastRun” whose (it as time < now - 7day) of key “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) AND (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) AND (exists value “LastScanStartTime” whose (it as time < now - 7*day) of key “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry) THEN “Not Compliant - Virus Pattern; Maintenance Window & Virus Scan All Out of Date” ELSE “Device Compliant - Everything ok”

(imported comment written by NoahSalzman)

First thing to do is to pull out the redundancies.

Get all the “exists” in the “first if” and don’t test them again.

Then, start with a simplified version that just tests one criterion, see if that works, and then build on that.

(imported comment written by Gman8291)

Ok makes sense - Appreciate the feedback Noah. Thanks

(imported comment written by jessewk)

I think you were missing some parenthesis in key places. Here is a much simpler construction:

(if (item 0 of it = “Compliant” and item 1 of it = “Compliant” and item 2 of it = “Compliant”) then (“Compliant”) else ("Not Compliant: " & concatenation " , " of (item 0 of it; item 1 of it; item 2 of it) whose (it != “Compliant”))) of ((if (item 0 of it) then “Compliant” else “Virus Pattern Out of Date”) , (if (item 1 of it) then “Compliant” else “Maintenance Window Out of Date”) , (if (item 2 of it) then “Compliant” else “Virus Scan Out of Date”)) of (exists value “LastPatternUpdate” whose (it as time <= now - 5day) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry , (exists value “LastRun” whose (it as time <= now - 7day) of keys “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry) , (exists value “LastScanStartTime” whose (it as time < now - 7*day) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry))

It first checks against each of your three criteria, returning True only if the check passes. It then maps the True/False result to the type of compliance check. Finally, it will return “Compliant” if all checks pass or it will return a list of the checks that didn’t pass.

(imported comment written by jessewk)

Here is a slight modification that makes it easier to read:

(if (item 0 of it = “Compliant” and item 1 of it = “Compliant” and item 2 of it = “Compliant”) then (“Compliant”) else ("Not Compliant: " & concatenation " , " of (item 0 of it; item 1 of it; item 2 of it) whose (it != “Compliant”))) of ((if ((exists value “LastPatternUpdate” whose (it as time <= now - 5day) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry)) then “Compliant” else “Virus Pattern Out of Date”) , (if ((exists value “LastRun” whose (it as time <= now - 7day) of keys “HKLM\SOFTWARE\BigFix\EnterpriseClient\MaintenanceWindow” of registry)) then “Compliant” else “Maintenance Window Out of Date”) , (if ((exists value “LastScanStartTime” whose (it as time < now - 7*day) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPM” of registry)) then “Compliant” else “Virus Scan Out of Date”))

(imported comment written by Gman8291)

Thanks Jesse. I had followed Noah’s advice about reducing redundancy etc, but my relevance was still looking very long winded. :slight_smile:

When get back to the office i will be sure to test with your simpler construction. Appreciate your taking time out to assist.

(imported comment written by Gman8291)

Fantastic. Thanks for your help.

I really think i will be able to amend and tidy up some previous properties we have created using the evaluation method you have shown me.

Now i know a clean way to check against multiple criteria with the ability to return a list im going to have some fun!! :slight_smile: