Relevance to catch all versions of an app

Hi,
I am trying to edit the relevance to our carbon black app to be able to see which machines have it installed or not.
However when looking at the relevance, it seems to only be looking at the version thats installed on a specific registry value.

I need it to be able to see if the app is installed or not regardless of the version or key its installed on in the register.

I have tried one that looks for the DIsplayName and put in what I have, but thats still showing computers that have no installation of carbon black as not relevant…

Here is the relevance that preloads when you create a package.

/* Relevance generated from file “installer_vista_win7_win8-64-3.6.0.1979.msi” */
(exists file “msiexec.exe” of system folder) AND (disjunction of (NOT exists keys “{826F45AB-7AD8-438F-A114-840D3342B941}” whose ( value “DisplayVersion” of it as string as version >= “3.6.0.1979” as version AND value “Language” of it as string = “1033”) of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of ( x32 registry; (if exists x64 registry then x64 registry else nothing) ))) AND

/* Relevance for msi launch condition: ‘VersionNT >= 601’ */
/**/
( (major version of it * 100 + minor version of it) of operating system >= 601 ) AND

/* Could not transform launch condition: ‘NOT INSTALLFOLDER OR SCANFOLDER’ into Relevance, Could not recognize the following properties: INSTALLFOLDER, SCANFOLDER*/
/* Could not transform launch condition: ‘NOT WIX_DOWNGRADE_DETECTED’ into Relevance, Could not recognize the following properties: WIX_DOWNGRADE_DETECTED*/
true

Here is the relevance I tested

(not exists keys whose (value “DisplayName” of it = “Carbon Black Cloud Sensor 64-bit”) of key “HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall” of registry) OR (((value “DisplayVersion” of keys whose (value “DisplayName” of it = “Carbon Black Cloud Sensor 64-bit”) of key “HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall” of registry) as string as version | (“0.0” as version)) < (“5.1.0.51215” as version))true

as well as, for older versions with different display names

(not exists keys whose (value “DisplayName” of it = “Cb Defense Sensor 64-bit”) of key “HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall” of registry) OR (((value “DisplayVersion” of keys whose (value “DisplayName” of it = “Cb Defense Sensor 64-bit”) of key “HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall” of registry) as string as version | (“0.0” as version)) < (“5.1.0.51215” as version))true

Any help would be appreciated.

Would it not be easier to check for the service, even to pull the version from the service?

exists services "CbDefense"

versions of services "CbDefense" as string

I’m not overly familiar with the CarbonBlack suite of products so maybe Defense and Cloud Sensor share the same service names and you are after a bit more visibility between the 2 that inspecting the service can provide?

Hi,
Thanks for responding

I apologize, but I am still very much in the learning process in creating relevance and have only been working off what I have found on bigfix.me and what bigfix creates for me when loading a package
Looks like there are two services. I checked a few versions.
CB Defense
CB Defense WSC
What would I need to create or change in my current relevance?

This is certainly the right place to look for help…its a very useful and extremely helpful and community. :grinning: What I do in our environment is to have 2 properties for the Cb product we are interested in. 1 that looks for the existence of the service and the other to detect the version. This is repeated for each Cb product, eg Protect, Defense, Responce etc. For the Windows OS, they key is knowing the service name and then reflecting that service name in the property relevance (you can of course use display name if you prefer, its just easier using the service name).

image

Q: exists service "CarbonBlack"
A: True
T: 0.507 ms
I: singular boolean

Q: versions of services "CarbonBlack"
A: 7.0.1.16744
T: 0.451 ms
I: plural version

Our environment isn’t purely Windows so the properties we use are cross platform for Windows and Linux but if you have just a Windows environment, the example above should work for you and you can add more for the various Cb services your environment has.

1 Like

Hmm, so I just tried (NOT Exists service “CBDefense”)true as the only relevance, thinking that it would show me all machines that do not have carbon black on them… However, its still removed computers from relevancy that do not have cb defense installed.

Wonder if I’m still doing something wrong…

Are you creating a property or is this a fixlet you are editing? A property is possibly the easiest way to bring visibility of systems missing the product which you can then see via web reports. No need to modify a fixlet for this. The relevance that would give you simple True or False results would be

exists service "CbDefense"

A fixlet is more suitable if you want to detect applicable systems so that an action can be taken, such as deploy the product. The relevance I use for a fixlet is pretty straight forward so any system that does not have the same or newer version as we are requiring, will report back as relevant

1 Like

Hmm, now its its showing machines that do have it installed again.
Maybe different versions have different service names.
I’ll need to double check.

as I copied your relevance and only did the servicename and not the version as right now i don’t care which version

I’ll keep digging. Thanks for the help