Required Analyses Fixlet to identify a file's existence in the entire system with the file location

Required Analyses Fixlet to identify the existence of a file in the entire system along with the file location…

Will the file search in the entire system affect system performance, i.e. high system memory utilization, hang, etc.?

While running the Fixlet Debugger to search for a file in the entire system, the Fixlet Debugger hangs. Will it affect overall system performance while searching…?

Kindly suggest.

Hi @Varun

Step 1: Create a Task to generate the list of files

In the TEM Console, select the menu option “Tools”, then “Create New Task Message”

In the “Name” field type in a title such as “Task to find .txt files”

In the “Message:” field put in a description of the task, such as “This task will search the drive for text files and then write them to the file “textfiles.txt” in the client folder. The action will only run when you apply the task to a computer”

In the “Action” tab, make sure the “Action Script Type” is “BigFix Action Script” and in the “Action Script” field paste the following:

// Start from a clean batch file
delete __appendfile
delete findtextfiles.bat
appendfile @echo off
// Remove the previous result file from the client folder
appendfile del "{pathname of parent folder of regapp "BESClient.exe"}\textfiles.txt"
// Write every .txt path on the fixed drives, delimited by "**", into textfiles.txt
appendfile echo "{"**" & concatenation "**" of pathnames of descendants whose (name of it as lowercase ends with ".txt") of folders "\" of drives whose (type of it="DRIVE_FIXED") & "**"}" >> "{pathname of parent folder of regapp "BESClient.exe"}\textfiles.txt"
move __appendfile findtextfiles.bat
wait "{pathname of client folder of site "BESSupport"}\RunQuiet.exe" findtextfiles.bat 1>NUL 2>NUL

On the “Relevance” tab, remove any text such as “true” and replace with the following:

version of regapp "BESClient.exe" >= "5.1"

You now have a Task that will search the drive for text files and then write them to the file “textfiles.txt” in the client folder. The action will only run when you apply the task to a computer. Any computer that you apply this task to will return the path of the .txt file.
This task will report back “Failed” on computers that do not have text files on the disk drives. You can safely ignore this report.

Note: Avoid having this task run continuously, since it is very resource intensive, and local users will probably notice the disk access. You can, for example, have this task constrained to run when no user is present to minimize its impact.

Step 2: Create a Retrieved Property

Select the menu “Tools” then “Manage Properties”

Click the “Add New” button.

In the “Name:” field enter something like “TEXT files”. In the “Relevance” field enter the following:
if exists file "textfiles.txt" of parent folder of regapp "BESClient.exe" then if size of file "textfiles.txt" of parent folder of regapp "BESClient.exe" > 10 then (substrings between "**" of (lines of file "textfiles.txt" of parent folder of regapp "BESClient.exe")) else "N/A" else "No TEXT files"

Regards
Vicky

I’ve used the same approach as suggested by @vikki, though with a slightly different process.

For the task, with a simple “true” relevance, this is the actionscript

// Turn off wow redirection otherwise System32 folder search gets skipped due to redirection
action uses wow64 redirection false
parameter "outfile"="{expand environment string of "%25TEMP%25" as string & "\findfile.txt"}"
parameter "ImRunning"="{expand environment string of "%25TEMP%25" as string & "\searching.txt"}"

delete {parameter "outfile"}
delete {parameter "ImRunning"}
// Create a marker file which is then used by the property relevance to avoid "class FileIOError" errors when trying to list lines of a file locked for write access
// Run the DIR command after creating the marker file then delete the marker file so the property can read the file contents error free
createfile until EOF
echo. > {parameter "ImRunning"}
for /f "tokens=2 delims==:" %%d in ('wmic logicaldisk where "drivetype=3" get name /format:value') do @dir %%d:\file2find.exe /s /b >> {parameter "outfile"}
del {parameter "ImRunning"}
EOF

delete FindFiles.cmd
copy __createfile FindFiles.cmd

runhidden FindFiles.cmd

Once the action has run on the endpoints, the results are retrieved by a property. For us, we were also interested in knowing if the files were the same or not, so we also retrieved the SHA1 values. As it is quite possible the property will evaluate while the recursive DIR is still running, the action creates the “searching.txt” file, and if the property sees this file, it will not process the result file, thus avoiding the file lock issues we encountered. As we use this approach for different files, we use parameters in the actionscript so that when making copies of the task for a different file, it’s only 1 or 2 changes to make.

if (exists file (expand environment string of "%25TEMP%25" & "\findfile.txt") whose (number of lines of it > 0)) then (if(not exists file (expand environment string of "%25TEMP%25" & "\searching.txt")) then ((it as string & "," & sha1 of file it as string) of (lines of file (expand environment string of "%25TEMP%25" as string & "\findfile.txt"))) else ("SearchInProgress")) else ("EmptyFile")

Regs
Rob

Hi @vikki, please suggest for the below analysis… as I need to generate the output on the next line. As you can see, it is a mess of files… In the given relevance I am searching for a keyword named “test” in the entire system, and need the output in a proper format, i.e. on the next line.

Q:"" & concatenation “” of pathnames of descendants whose (name of it as lowercase contains “test”) of folders “” of drives whose (type of it=“DRIVE_FIXED”) & ""**
A: C:\FixletDebugger-8.2.1175.0\Test\test.qna C:\FixletDebugger-8.2.1175.0\test.txt C:\Program Files\controls\test.vbsC:\Windows\test.vbsC:\Windows\system32\test.vbs

I think it will take the resources that the Agent is limited to. The difference with the debugger is that it runs using all available resources.
Of course, there will be an I/O load, but you should try in a test environment before going to production.

Can anyone suggest how to get the output on the next line… like given below…

C:\FixletDebugger-8.2.1175.0\Test\test.qna
C:\FixletDebugger-8.2.1175.0\test.txt C:\Program Files\controls\test.vbs
C:\Windows\test.vbsC:\Windows\system32\test.vbs

Q:"" & concatenation “” of pathnames of descendants whose (name of it as lowercase contains “test”) of folders “” of drives whose (type of it=“DRIVE_FIXED”) & “”**
A: C:\FixletDebugger-8.2.1175.0\Test\test.qna C:\FixletDebugger-8.2.1175.0\test.txt C:\Program Files\controls\test.vbsC:\Windows\test.vbsC:\Windows\system32\test.vbs

Also, I need to search for multiple files in the entire system… which can be keywords or extensions… please assist

Thanks @fermt for your suggestion. While testing on some test machines I am getting the below error…

E: The expression could not be evaluated: class IllegalFileName

Sharing Analyses Relevance for your reference…

Q: pathnames of descendants whose (name of it as lowercase contains “abc.ini” or name of it as lowercase contains “xyz.exe” ) of folders “” of drives whose (type of it=“DRIVE_FIXED”)
A: C:\Documents and Settings\Test\abc.ini
E: The expression could not be evaluated: class IllegalFileName

Because of the default way that the BES Client functions (10ms “Active”, 480ms “Suspended”), if you try to do this with Relevance, you will fail, or at the very least, you will seriously degrade the performance of your BigFix Environment.

I recommend you use a Task, to issue a DIR command to meet your example of finding files “test.*”

Something like the following will create the file FindFiles.log that contains the list of all of the TEST.* files on the system it is run on …

CD \
DIR /B /S Test.* > C:\Windows\Temp\FindFiles.log

You don’t mention what you want/need to do with the information.


Hi @TimRice,

Can we search for a specific file in the entire system on the basis of defined keywords… i.e. CIS DATA Moleler.exe

With the given command, if we add DIR /B /S CIS DATA Moleler.exe; CINni.exe; > C:\Windows\FindFiles.log then it generates output for files that contain even some part of the file name… whereas we need to search for the exact file name in the entire system.

C:\Users\All Users\AGNS\NetClient\Data - incorrect
C:\Users\All Users\AGNS\CINni.exe - correct
C:\Users\All Users\Microsoft\OFFICE\DATA - incorrect
C:\Users\All Users\Microsoft\Search\ CIS DATA Moleler.exe - correct

DIR FIND /B /S “CIS DATA Moleler.exe” “CINni.exe” > C:\FindFiles.log

As I have multiple partitions in the system in which I need to search for such keywords… is there any one-liner command available to add all fixed drives to the search rather than creating a batch file…

I hope it will work for me…
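
As an added example (not code from any poster in this thread): a PowerShell version of the marker-file search Rob describes, restricted to the exact file names asked about in the last post and covering every fixed drive without a separate batch file. The output and marker file names follow Rob's action; the scratch file name, and running it from 64-bit PowerShell so that System32 is not redirected, are assumptions.

```powershell
# Added example. File names to find are taken from the thread; paths are assumptions.
$Names   = @('CIS DATA Moleler.exe', 'CINni.exe')   # exact names, not keywords
$OutFile = Join-Path $env:TEMP 'findfile.txt'       # result file read by the property
$Marker  = Join-Path $env:TEMP 'searching.txt'      # "search in progress" marker
$Partial = "$OutFile.partial"                       # hypothetical scratch file

# Drop stale results first, then raise the marker before any disk walking starts.
Remove-Item -LiteralPath $OutFile, $Partial -ErrorAction SilentlyContinue
Set-Content -LiteralPath $Marker -Value (Get-Date -Format o)

try {
    # DriveType 3 = local fixed disk, the same filter as the wmic line in the action.
    $roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
             ForEach-Object { $_.DeviceID + '\' }

    $rows = foreach ($root in $roots) {
        # -File skips directories, so folders named DATA can never match.
        # -Force includes hidden and system files; unreadable folders are skipped.
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            # -contains compares the whole name (case-insensitive), never a substring.
            Where-Object { $Names -contains $_.Name } |
            ForEach-Object {
                # Hash is left empty when the file is locked or unreadable.
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1 `
                         -ErrorAction SilentlyContinue).Hash
                '{0},{1}' -f $_.FullName, $hash
            }
    }

    # Write to the scratch file and rename, so a reader never sees a half-written
    # result. An empty result set produces an empty file ("EmptyFile" in the property).
    Set-Content -LiteralPath $Partial -Value @($rows)
    Move-Item -LiteralPath $Partial -Destination $OutFile -Force
}
finally {
    # Always clear the marker, even if the search was interrupted by an error.
    Remove-Item -LiteralPath $Marker -ErrorAction SilentlyContinue
}
```

Each output line is `path,SHA1`, so a property reading this file can return its lines as they are instead of hashing each file again at evaluation time.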