I am trying to leverage BigFix to help mitigate some of our virus and malware issues. I created a fixlet with a simple task, to delete crss.exe from C:\windows folder.
Here is how I created the fixlet:
In Console, went to “My Custom Fixlet Messages”, right-clicked and created new fixlet.
On the Relevance tab, I selected “Computers which match the condition below”.
On the dropdown menus:
Relevance Expression, is true, Edit Relevance…
On the “Edit Relevance…” I entered: exists file “crss.exe” of folder “c:\windows”
On the Actions tab, I set the default action to: delete “c:\windows\crss.exe” /F /Q
I then opened new notepad, put in some letters, then saved it as crss.exe and placed it in the c:\windows folder of my PC. It showed up as relevant, no problem.
When we changed the names of some .exe’s to crss.exe and saved them to the c:\windows folder on several test machines, none of them show relevant.
Any help with this is greatly appreciated.
-thanks
EDIT: Running Big Fix version: 7.2.5.22 if that helps.
I created another variant of the fixlet with relevance: exists file “c:\windows\crss.exe”
It only shows the same single PC out of the 8 test machines.
The file is located on the root of C:\windows From a folder structure standpoint, this remains the same regardless of being x64 or x86 architechture. Interestingly the one machine reporting properly is x64 windows 7 and the other test boxes are x86 Windows XP machines. Is there really a difference where bigfix is concerned? If so, how should the code look?
I have not tried this step yet. I’ll test it and report findings.