Relevance is not working for SEP Version Check in 64 Bit System

I am facing an issue with the relevance below, as it is not working on x64 operating systems. Can anyone suggest what I am doing wrong? Thanks in advance.

Relevance :

if exists value "ProductVersion" whose(it as string as version <="14.0.3897.1101") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC" of (x64 registry;x32 registry) then false else true

Hi ,

try this one

(if (not exists it) then true else ((it as string does not start with "xxxx") of (value "DisplayVersion" of it))) of key whose (exists value "DisplayName" whose (it as string as lowercase contains "symantec endpoint protection" ) of it ) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries;x32 registries)

Hi @swiars

After adding the given relevance, I am getting the same error, as I am still getting applicable computers, although the system has the Symantec client installed.

Please assist further… Thanks

It goes down, but all of a sudden it increases (applicable computer count).

Are you trying to get only the machines that don’t currently have Symantec installed?

if so try :
not exists keys whose (value "DisplayName" of it as string as lowercase contains "symantec endpoint protection") of keys "hklm\software\microsoft\windows\currentversion\uninstall" of (x64 registries;x32 registries)

If you are trying to get machines that have Symantec installed and are below a certain version then try:
exists keys whose (value "DisplayName" of it as string as lowercase contains "symantec endpoint protection" AND value "DisplayVersion" of it as string as version < "14.0.3897.1101" as version) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries;x32 registries)

The relevance was incorrect. First start with reading the raw values successfully before adding more logic:

(it as string) of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)

I basically use something similar to the above as a basis for basically all registry reading.

Then do the check:

exists (it as string as version) whose(it <= "14.0.3897.1101") of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)

The main problem was the addition of WOW6432Node in the key path. This is what the x32 registries does already.

What are you trying to determine with the relevance? Just computers where it is installed? or something more specific?

Hi @James, I am trying to check the latest version of Symantec on both 32 & 64 bit OS architecture…

Let me try your suggestion. will get back to you…

Hi @James, getting below output…

q: (it as string) of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)
A: 14.0.3897.1101
T: 0.126 ms

q: exists (it as string as version) whose(it <= "14.0.3897.1101") of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)
A: True
T: 0.125 ms

The second relevance is unable to find the version on 64-bit OS.

How so? The results you are showing me is suggesting it is.

The relevance I provided works with both 32bit and 64bit OSes.


Oh, I guess for the 2nd relevance, you want NOT in front:

not exists (it as string as version) whose(it <= "14.0.3897.1101") of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)

Try that ^

@James 🙂 I am totally confused now, as I have applied so many relevance statements but am getting stuck with 64-bit OS…

I guess I’m confused, what do you want the result to be, in which case?

This should read the raw value on 64bit OS:

(it as string) of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)

therefore the relevance works, it is just a matter of taking that result and turning it into true/false logic as needed, but in either case I’d recommend making an analysis for SEP and putting the above raw data relevance in as a property so you can see it return results for all machines and see what is returned for ProductVersion.

The result should be True or False… if I have this version installed on my machine… It works for 64-bit for some time and the count of applicable computers also decreases, but all of a sudden the count increases.

The second suggestion… I have also added analysis for SEP but getting the same behavior…

I think we are not understanding each other.

Make an analysis, have the only relevance in it as windows of operating system

Then make a property, and put in it the following:

(it as string) of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)

Then see what that returns for all of your machines. It should be something like 14.0.3897.1101 but the version on the particular machine. It should NOT be true/false. You can’t debug the True/False result without seeing the raw data first.

It should return the productversion for both 32bit and 64bit systems.

Validate the results by some spot checking.

Then make another analysis property in the same analysis, and then try adding the logic to turn it into a true false.

Compare the true/false values with the raw version data. You may find some discrepancies which could be due to needing the pad of inspector added to pad out the version. A screenshot of the analysis results showing both the raw version, the results, and the relevance will help me understand what is going on.

DO NOT try to debug the true/false values without raw data, this is a recipe for a headache.


These are outdated and have worse written relevance in most cases, but are a useful reference and comparison:

@James… sorry for this…

Just to confirm: I have created an analysis property to check the SEP version, and by using it I am getting the exact available SEP version on the system. (Unable to paste a snapshot… frankly… I don’t know how to paste 🤔)

Then I have added the same analyses into fixlet relevance. e.g. SEPVerision>contains (all options)>14.0.3897.1101.

It’s working for some time but not for long.

so this is to pad out the versions:

(pad of it) of (it as string as version) of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)

I still have NO IDEA what you are asking for in terms of the TRUE/FALSE… in what cases should it be TRUE, in what cases should it be FALSE? I need specific examples.

What is this relevance for? What is the intended use case? Are you upgrading systems that already have SEP? are you installing SEP for those that don’t have it? are you uninstalling it?

What should be the result if SEP is not installed at all? True or False or something else?
What should be the result if SEP is version “13.1”? True or False?
What should be the result if SEP is version “15.1”? True or False?
What should be the result if SEP is version “14.0.3897.1101”? True or False?
What should be the result if SEP is version “14.1”? True or False?
What should be the result if SEP is version “14.0”? True or False?

@James, the intent is to get only those machines which do not have SEP version 14.0.XX.XX on the system.

What is this relevance for? >> I was using the relevance below before… and it was working fine but not now…
not exists values "PRODUCTVERSION" whose(it as string as version ="14.0.1004.6500" OR it as string as version ="14.0.2349.0100") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion" of (x64 registries;x32 registries)

Are you installing SEP for those that don’t have it? >> No… I am not upgrading systems, I am upgrading the old SEP client (12.1) to the new one (14.0)…

What should be the result if SEP is not installed at all? True or False or something else? >> I am not checking whether SEP is installed or not… here I am checking the SEP version only…

What should be the result if SEP is version “14.1”? True or False? >> False (Not applicable)
What should be the result if SEP is version “13.1”? True or False? >> True (Applicable)

not exists (pad of it) whose(it >= "14.0.3897.1101") of (it as string as version) of values "ProductVersion" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" of (x64 registries;x32 registries)

This should be the correct logic.

Right, but what should the boolean result be if there is no SEP installed currently at all?
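
The cases asked about in this thread can be laid out as a truth table. The sketch below is an added example, not code from any poster and not BigFix relevance: it models the `not exists … whose (it >= …)` form and the `exists … whose (it < …)` form in Python, assuming versions are zero-padded to four components before comparison. The function names and the "stale 32-bit view" case are constructed for illustration.

```python
# Added illustration: a Python model of the two relevance shapes discussed in the thread.
TARGET = "14.0.3897.1101"

def pad(version, width=4):
    """Parse a dotted version and zero-pad it to `width` parts (assumed model of `pad of it`)."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def not_exists_at_or_above(found, target=TARGET):
    """Model of: not exists (pad of it) whose (it >= target) of <ProductVersion values>."""
    return not any(pad(v) >= pad(target) for v in found)

def exists_below(found, target=TARGET):
    """Model of: exists <ProductVersion values> whose (it < target)."""
    return any(pad(v) < pad(target) for v in found)

# Each case lists every ProductVersion value returned across both registry views.
# An empty list means the key or value does not exist in either view.
CASES = {
    "not installed": [],
    "13.1": ["13.1"],
    "14.0": ["14.0"],
    "14.0.3897.1101": ["14.0.3897.1101"],
    "14.1": ["14.1"],
    "15.1": ["15.1"],
    # Constructed case: an old value left in one view, the current one in the other.
    "stale 32-bit view": ["12.1.0.0", "14.0.3897.1101"],
}

def truth_table():
    """Return {case: (not_exists_at_or_above, exists_below)} for every case."""
    return {name: (not_exists_at_or_above(v), exists_below(v))
            for name, v in CASES.items()}

if __name__ == "__main__":
    print(f"{'case':<20}{'not exists >=':<16}{'exists <'}")
    for name, (a, b) in truth_table().items():
        print(f"{name:<20}{str(a):<16}{b}")
```

The two forms agree for every single-version case and differ only when nothing is found (the first is True, the second False) or when the two views return different versions.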

@James, earlier I was also checking the SEP availability & version, but I was getting the same issue.

Kindly assist.

Even after making the relevance “False” getting applicable computers

It can take the computers some time to evaluate the change and report back as false, and for your console to refresh to remove the applicable computers list.

The relevance you enter here is not evaluated on your console or the server - it’s sent out to every client to evaluate and report back the result. Depending on your relay distribution, UDP Command Polling, Command Polling settings from the client, firewalls, length of the client evaluation cycle, whether clients are turned off, etc…this can take anywhere from a few minutes to several hours.