Relevance of registry

(imported topic written by jmlafreniere91)

Hello, I’m trying to install an antivirus on some computers that have the following relevance:

exists value "InstallLanguage" whose (it as string = "0409") of keys "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language" of registry AND NOT exists value "ProductVersion" whose (it as string = "12217d6") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV"

But it doesn’t seem to be working, as there are no relevant computers and I know there are some.

Basically, I want to upgrade the antivirus to SEP 11.0.5002.333 (based on OS language) onto any computer that has an earlier version.

BTW, the ProductVersion key is a REG_DWORD. Could that be it, since I’m using “string”? Maybe I should use something else?

UPDATE: I’ve also tried this:

exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language" whose (value "InstallLanguage" of it as string = "0409") of registry AND NOT exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" whose (value "ProductVersion" of it as string = "12217d6") of registry

This time, I have more relevant computers than there are supposed to be (clients already have the latest version).

UPDATE: I’ve tried that also, to no avail:

exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language" whose (value "InstallLanguage" of it as string = "0409") of registry AND (not exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps" of registry) OR (version of file "Rtvscan.exe" of it < ") of (value "SAV Install Directory" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps" of registry as folder)

Can you please tell me what I’m doing wrong ?

Jim

(imported comment written by BenKus)

Hi Jim,

You forgot “of registry” at the end of your first query, but I am not sure if that is the cause of all the issues…

Can you try using the Relevance Debugger on the system you want to become relevant and try breaking apart the query to troubleshoot more? Then let us know which part of the query isn’t returning what you expect…

Ben

(imported comment written by jmlafreniere91)

Ben, I have another example. I want to apply this key to the registry only if the following relevance is true.

Action:

regset "HKEY_CLASSES_ROOT\CLSID{{020f6116-407b-11d3-a3bb-00c04fa32518}\InprocServer32" "ThreadingModel"="Apartment"

Relevance:

not exists value "ThreadingModel" whose (it as string = "Apartment") of keys "HKEY_CLASSES_ROOT\CLSID{{020f6116-407b-11d3-a3bb-00c04fa32518}\InprocServer32" of registry

What is weird is that the value exists in my registry and it still returns TRUE. If I remove the first “{”, then it returns FALSE, but in a previous post, you told me I have to use double “{”. Is there anything I’m missing ?

Thanks and sorry for all the questions !

Jim

(imported comment written by jmlafreniere91)

I’ve also tried this for the previous request (different key):

not exists value "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe" whose (it as string = "11.0.290") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\DLLUsage" of registry

Same thing, it returns FALSE but the computer is still relevant.

(imported comment written by BenKus)

Hey Jim,

You only need to escape the brackets if you are using embedded relevance in an action…

I know this is a fairly confusing topic and lots of people get tripped up on it so I went ahead and finally wrote a long-overdue KB article to explain in more detail:

http://support.bigfix.com/cgi-bin/kbdirect.pl?id=1230

Ben
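The difference Ben describes, as an added example that is not part of the original thread: a simplified Python model of how an action script treats braces, next to a plain relevance lookup that does no brace processing. The function names and the one-key registry are constructed for illustration, and the handling of `}}` inside a substitution is part of the model.

```python
def expand_action_line(line, evaluate):
    """Model of action-script brace handling: '{{' is a literal '{',
    '{expr}' is replaced by evaluate(expr), and inside expr '}}' is a
    literal '}'. A '}' outside a substitution is ordinary text."""
    out, i = [], 0
    while i < len(line):
        if line.startswith("{{", i):            # escaped brace
            out.append("{")
            i += 2
        elif line[i] == "{":                    # embedded relevance starts
            expr, i = [], i + 1
            while True:
                if i >= len(line):
                    raise ValueError("unterminated relevance substitution")
                if line.startswith("}}", i):    # escaped '}' inside expr
                    expr.append("}")
                    i += 2
                elif line[i] == "}":            # substitution ends
                    i += 1
                    break
                else:
                    expr.append(line[i])
                    i += 1
            out.append(str(evaluate("".join(expr))))
        else:
            out.append(line[i])
            i += 1
    return "".join(out)


def relevance_not_exists_key(path, registry):
    """Plain relevance sees the string literal exactly as typed: no brace
    processing at all. (Exact string match is a simplification.)"""
    return path not in registry


GUID = "020f6116-407b-11d3-a3bb-00c04fa32518"
# Key path exactly as written in the thread, with the doubled brace.
ESCAPED_PATH = r"HKEY_CLASSES_ROOT\CLSID{{" + GUID + r"}\InprocServer32"
REAL_KEY = r"HKEY_CLASSES_ROOT\CLSID{" + GUID + r"}\InprocServer32"
REGISTRY = {REAL_KEY}  # constructed: the key is present on this machine

if __name__ == "__main__":
    # In the action, '{{' collapses to '{' and the real key is targeted.
    print(expand_action_line(ESCAPED_PATH, lambda expr: ""))
    # In the Relevance tab the doubled brace is taken literally, so the
    # key is not found and "not exists" is TRUE even though the key exists.
    print(relevance_not_exists_key(ESCAPED_PATH, REGISTRY))  # doubled brace
    print(relevance_not_exists_key(REAL_KEY, REGISTRY))      # single brace
```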

(imported comment written by jmlafreniere91)

It is clearer now, thanks !

So my “Oracle bugfix” looks OK, and I think I might have found the solution for the antivirus relevance: I needed to put some more parentheses in the relevance, to separate the “AND” condition from the 2 “OR”:

For the record:

exists key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language" whose (value "InstallLanguage" of it as string = "0409") of registry AND ((not exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps" of registry) OR (not exists value "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe" whose (it as string = "11.0.290") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\DLLUsage" of registry))