Can anyone tell me how I can run a relevance clause to query running applications on a 64-bit windows client?
I have the following cluase that works fine on 32 bit clients:
exists running application “mcshield.exe”
However, as this runs as a 64 bit process on x64 machines the above does not work on 64 bit clients, is there a seperate operator or property that I need to use to query 64-bit processes?
In fact, when I run the query ‘names of running applications’ on a 64 bit client, only the 32 bit processes are listed, so I guess my exact question is how do I list 64 bit processes ?
You are correct and running applications only report 32-bit processes. We added inspectors for x64 file system, registry, windows folder, and other x64 specific parts of the system, but we missed the running applications inspector. We have a bug (#11194) on this and we will update this soon in a new release.
In the meantime, maybe you can use the services inspector instead? Try this and see if it works on x64:
exists service “mcshield” whose (state of it = “Running”)
You are correct and running applications only report 32-bit processes. We added inspectors for x64 file system, registry, windows folder, and other x64 specific parts of the system, but we missed the running applications inspector. We have a bug (#11194) on this and we will update this soon in a new release.
In the meantime, maybe you can use the services inspector instead? Try this and see if it works on x64:
exists service “mcshield” whose (state of it = “Running”)