Relevance code causing issue

I tried to find a file in BigFix QnA, and every try tells me the file does not exist; however, it really exists in the system.

q:exists files of (native system folders; system x64 folders) whose (name of it contains "MpSigStub.exe")
A: False
T: 776.326 ms


q:exists files of system x64 folders whose (name of it contains "MpSigStub.exe")
A: False
T: 775.978 ms

q:exists files whose (name of it contains "MpSigStub.exe") of folder "C:\Windows\System32" 
A: False
T: 775.760 ms


q:exists files whose (name of it as lowercase contains "mpsigstub.exe") of folder (pathname of windows folder & "\System32")
A: False
T: 520.914 ms

q:pathname of system folder
A: C:\Windows\system32
T: 259.008 ms

q:pathname of windows folder
A: C:\Windows
T: 258.796 ms

q:exists files whose (name of it contains "MpSigStub.exe") of folder (pathname of windows folder & "\System32")
A: False
T: 258.599 ms


q:exists file "c:\windows\system32\MpSigStub.exe"
A: False
T: 0.189 ms

q:pathname of system folder
A: C:\Windows\system32
T: 266.524 ms

q:pathname of windows folder
A: C:\Windows
T: 266.302 ms

q:exists files "MpSigStub.exe" of native system folder
A: True
T: 818.287 ms

1 Like

I’m glad you solved this yourself; I just wanted to clarify why I think your first query did not work.

q:exists files of (native system folders; system x64 folders) whose (name of it contains "MpSigStub.exe")
A: False

On this query, the whose() is being applied to the folder names, not the file names. It’s looking at

(native system folders; system x64 folders) whose (name of it contains "MpSigStub.exe")

Because the folder “C:\Windows\System32” does not contain “MpSigStub.exe” as part of the folder name, that returns no folders and thus no files of that empty folder list. That original query could have been changed to

q:exists files whose (name of it contains "MpSigStub.exe") of (native system folders) 

But the query you ended up with is more efficient. In the form I’ve written above, relevance retrieves a list of every file in the System32 folder, then performs a string comparison on the name of each file; in the form you ended up with, only one file is selected from the folder, so there’s no need to compare the names of every file in the folder.

2 Likes