I have two McAfee products in my environment.
- mcafee agent 4.8 & Mcafee VirusScan Enterprise
- McAfee agent 5.05 and Mcafee Endpoint Security threat prevention/Mcafee Endpoint Security platform
I have created two analysis in Bigfix
- To check Mcafee agent version
if exists (values “DisplayVersion” of it of keys whose (value “DisplayName” of it as string contains “McAfee Agent”) of keys “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of native registry) then ((values “DisplayVersion” of it of keys whose (value “DisplayName” of it as string contains “McAfee Agent”) of keys “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of native registry) as string) else “Not Installed”
relevance 1 works fine
2.to check antivirus version
(values “DisplayName” of it, values “DisplayVersion” of it) of keys whose(exists value “DisplayName” whose(it as string as lowercase contains “mcafee”) of it) of keys “SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of (keys “HKEY_LOCAL_MACHINE” of it; keys of keys “HKEY_USERS” of it) of (x64 registries; x32 registries)
When i run to check antivirus, it gives me more values
In qna
Q:(values “DisplayName” of it, values “DisplayVersion” of it) of keys whose(exists value “DisplayName” whose(it as string as lowercase contains “mcafee”) of it) of keys “SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of (keys “HKEY_LOCAL_MACHINE” of it; keys of keys “HKEY_USERS” of it) of (x64 registries; x32 registries)
A: McAfee Agent, 5.0.5.658
A: McAfee Endpoint Security Threat Prevention, 10.5.1 ---------"Just want this value if ENS is install
A: McAfee Endpoint Security Platform, 10.5.1
T: 5.911 ms
OR
If Mcafee VirusScan Enterprise installed
A: McAfee Agent, 4.8
A: McAfee Virusscan Enterprise, 8.8.06000 ---------"Just want this value if VirusScan Enterprise is install
T: 4.851 ms
Note:
exists value “DisplayName” whose(it as string as lowercase contains “mcafee”) of it ---- mcafee is case sensitive
How to use OR in This relevance.
:(values “DisplayName” of it, values “DisplayVersion” of it) of keys whose(exists value “DisplayName” whose(it as string as lowercase contains “mcafee endpoint security threat prevention” OR “McAfee Virusscan Enterprise”) of it of Keys “SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of (keys “HKEY_LOCAL_MACHINE” of it; keys of keys “HKEY_USERS” of it) of (x64 registries; x32 registries)
I am learning. Looking help from everyone