Need help with an analysis

Hi, noob here, and having trouble with an analysis. I am trying to get “if a specific file exists anywhere on the hard drive, what is its path and what is the version.”

I tried a couple of things that mostly did not work like:
((pathnames of find files "zoom.exe" of (descendant folders of folder "c:")) AND (versions of files "zoom.exe" of (descendant folders of folder "C:")))

This gave me errors looking for a Boolean expression.

I also tried "pathnames of find files "zoom.exe" of (descendant folders of folder "c:")" as one property and
"versions of files "gui.exe" of (descendant folders of folder "C:")" as another property. While this gave all the answers, it mixed them up and matrix-ed them together, so if there were 3 files that existed in three paths and three versions of that file, I would end up with 6 results, as each one would have two paths and two versions.

I am trying but I don’t speak BigFix yet. Can someone give me a hand?

Hi, welcome to BigFix!

There are several considerations here -

An Analysis that looks at all descendant files on the hard drive is very likely to have some errors with timing-out during evaluation, as it takes a long time to traverse the drive and will also cause performance impacts to the client (as in, the client won’t evaluate any other content or respond to any actions while this is running). So for an operation like that we’d usually use what we call a “breadcrumb” approach - where we run an Action to find the files & properties, save the result to a text file, and report the contents of the text file in an Analysis.

From a pure Relevance standpoint, any time you could have multiple files and want to retrieve multiple properties of it (like the pathname and the version), you’ll need to craft the relevance a little bit differently. When you treat them separately, you get a “cross-product”, where every name is combined to every version. Here’s an illustration, looking at two files from the system folder:

q: files ("cmd.exe"; "cscript.exe") of system folder
A: "cmd.exe" "10.0.17763.592" "Windows Command Processor" "10.0.17763.1 (WinBuild.160101.0800)" "Microsoft Corporation"
A: "cscript.exe" "5.812.10240.16384" "Microsoft ® Console Based Script Host" "5.812.10240.16384" "Microsoft Corporation"
T: 12.364 ms
I: plural file

If we retrieve their names and versions, we get a cross-product:

q: (names of files ("cmd.exe"; "cscript.exe") of system folder, versions of files ("cmd.exe"; "cscript.exe") of system folder)
A: cmd.exe, 10.0.17763.592
A: cmd.exe, 5.812.10240.16384
A: cscript.exe, 10.0.17763.592
A: cscript.exe, 5.812.10240.16384

What’s happened there is that we are retrieving both the names of the two files and the versions of the two files, but we don’t have a relationship between each file name and each file version.

Instead, we need to examine each file separately and retrieve only that file’s properties. We can do this with a construct like (property 1 of it, property 2 of it) of files (x):

q: (pathname of it, version of it) of files ("cmd.exe"; "cscript.exe") of system folder
A: C:\WINDOWS\system32\cmd.exe, 10.0.17763.592
A: C:\WINDOWS\system32\cscript.exe, 5.812.10240.16384

So, performance considerations aside, your first query should look more like

(pathname of it, version of it) of find files "zoom.exe" of descendant folders of folder "c:"

You can reduce that a bit, expecting that zoom.exe should live somewhere in the user profiles:

(pathname of it, version of it) of find files "zoom.exe" of descendant folders of folder "c:\Users"

And even better if you know it lives beneath something like C:\Users\<something>\AppData\Zoom (I don’t know what directory it really lives in though, so that may take some investigation):

(pathname of it, version of it) of find files "zoom.exe" of folders "AppData\Zoom" of folders of folder "c:\Users"

Once you get down to that form, you’re no longer traversing every descendant folder, and it’s much safer to use this in an Analysis.

The folders of folder "c:\Users" gets you to every folder one level beneath C:\Users, so it returns values like:

C:\Users\User1
C:\Users\User2
C:\Users\User3
etc.

So when you look at folders "AppData\Zoom" of that, you’re searching every user account’s AppData\Zoom folder for the executable.


Oh, yeah - if you really didn’t know where the file might live, we’d go back to the Breadcrumb approach I talked about before. Here’s an example.

Run an Action to build a text file of the zoom.exe paths on the drive and save it to a text file. I haven’t tested this but I expect this script should work:

action uses wow64 redirection false
waithidden cmd.exe /C dir /s /b c:\zoom.exe > "{pathname of data folder of client}\zoom-results.txt"

Then use the fully-qualified pathnames that are listed in the text file for your Analysis report:

(pathname of it, versions of it) of files(lines of file "zoom-results.txt" of data folder of client as string)

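As an added example (not code from either poster in this thread), here is the same breadcrumb idea written as a PowerShell script that an Action could run on the client. It covers both points made above: it keeps the search bounded to a few roots rather than the whole drive, and it takes the path and the version from the same file object so the two properties stay paired, which is what `(pathname of it, version of it) of files ...` expresses in Relevance. The search roots, the file name and the output path are assumptions to adjust for your environment; the output location is a placeholder, not the client's real data folder.

```powershell
# Added example, not from the thread. Writes one "path<TAB>version" line per
# matching file so an Analysis can report the lines of the result file.
# Assumptions (placeholders): search roots, file name and output path.
param(
    [string[]]$SearchRoots = @("$env:SystemDrive\Users"),   # narrower than the whole drive
    [string]$FileName      = 'zoom.exe',
    [string]$OutFile       = "$env:ProgramData\zoom-results.txt"  # placeholder location
)

# Enumerate every copy of $FileName beneath each root.
# -File skips directories; access errors on protected folders are skipped
# instead of aborting the whole run.
$found = foreach ($root in $SearchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -Path $root -Filter $FileName -Recurse -File -ErrorAction SilentlyContinue
    }
}

# Project each FileInfo into its own (path, version) record. Both values come
# from the same object, so there is no cross-product between paths and
# versions.
$lines = @(
    foreach ($f in $found) {
        $ver = $f.VersionInfo.FileVersion
        if ([string]::IsNullOrWhiteSpace($ver)) { $ver = 'unknown' }
        "{0}`t{1}" -f $f.FullName, $ver.Trim()
    }
)

# Always (re)write the file, even when nothing was found, so a stale list
# from an earlier run is never reported as current.
Set-Content -LiteralPath $OutFile -Value $lines -Encoding UTF8

# Return the records for interactive use; the Action itself only needs the file.
$lines
```

In the Analysis, the property can then simply report `lines of file "zoom-results.txt" of <folder>`, with the version already on each line, so the client never has to walk the drive during property evaluation.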