Returning the values that made a relevance expression false

(imported topic written by shawn313)

I am trying to figure out if there is a way to make this analysis work. We are seeing a problem where some places are getting antivirus exclusions, some aren’t getting the full list, so I’m hoping something like this would help me narrow down where I need to fix something. I know the registry key where the exclusions are stored, but I’m trying to figure out if there’s a way to display in an analysis only the exclusions that are missing. The logic I think would follow what I have below, but now I’m stuck:




“HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration”

as string

“C:\Program Files\BigFix Enterprise” and contains “exclusion2” … and contains “exclusion100”




(whatever relevance formula could just report that exclusion49 and exclusion67 were the ones that made the previous relevance statement false)

Thanks for any help!

Edited to add the “as string” bit I know I needed.

(imported comment written by jgstew)

Do you really need to know which ones are missing, or do you just need to know IF any are missing on a specific endpoint?

I would recommend an analysis property that returns the “ExcludedFolder” value completely, and another that figures out the number of exclusions in that property. Then look at the clients that have a lower number than expected because they require remediation.

How is the Excluded Folder value being set in the first place?