Right-Click ShellCommandRelevance Help

I’m trying to get a right-click item to run the manual update for Trend Micro OfficeScan on the selected computer. The command I need to run on the remote computer is:

C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe -us

This works from a command prompt:

cmd.exe /k C:\PSTools\psexec.exe -s \\hostname "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -us

“Hostname” is a valid computer name hard-coded only for testing. I will replace “hostname” with the appropriate relevance, and a relevance to determine 64 vs. 32 bit once I get this part working.

When I put this into the registry for the ShellCommandRelevance, I get "Not all of the selected computers were able to run the selected action:

"cmd.exe /k C:\PSTools\psexec.exe -s \\hostname "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -us"

I think the problem is with the quotes, and/or having the -us at the end, but I haven’t come up with any combination that works. Anyone have any suggestions?

Heh, replying to my own question with a fix, just in case anyone else runs into this:

"cmd.exe /k C:\PSTools\psexec.exe -s \\MI-ITSECWS05 %22C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us"

You have to use %22 for the parenthesis around the file name.

2 Likes

Well, I’m back again. I replaced the hostname with &(value of property results whose (name of property of it = "DNS Name") of current computer)& , which works. I’m attempting to replace the hard-coded path to work for either 64 or 32 bit endpoints. This works in the fixlet debugger:

("%22"&(pathname of running application "pccntmon.exe")&"%22")

and returns the path:

C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe

with the parenthesis intact. But I can’t for the life of me figure out how to shoehorn it into the registry key for Bigfix to be able to parse it.

I really wish they officially supported this.

jkj1962

I think you’ll need to work out if the endpoint is x64 using session relevance, something like this:

"cmd.exe /k C:\PSTools\psexec.exe -s " & (value of property results whose (name of property of it = "DNS Name") of current computer) & " %22C:\Program Files" & **(if(value of property results whose (name of property of it = "x64" ) of current computer = "True") then " (x86)" else "")** & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us"
2 Likes

I use that relevance in several of my Right-clicks with no problems. I think the problem is having the “-us” arguments on the command line, or maybe there are just so many quotes that Bigfix can’t parse it. For now I think I’m just going to have to settle for separate 32 and 64 bit items.

I really DO wish they would officially support this.

I think this will do what you want to achieve, it may not be quite as elegant as using pathname mind…

"cmd.exe /k C:\PSTools\psexec.exe -s \\" & (value of property results whose (name of property of it = "DNS Name") of current computer) & " %22C:\Program Files" & (if(value of property results whose (name of property of it = "x64" ) of current computer = "True") then " (x86)" else "") & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us"

Adding an echo shows this is generated:

C:\PSTools\psexec.exe -s \\comp.foo.com "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -us

or

C:\PSTools\psexec.exe -s \\compx64.foo.com "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -us

Any chance you could share one of your working examples using pathname of running application? I would like to understand more around what is possible here.

No luck with that, unfortunately. How did you phrase it with “echo”?

So far I haven’t been able to get the “pathname” relevance to work either.

I put it in after the /k so cmd echoes the command rather than actually running it.

"cmd.exe /k **echo** C:\PSTools\psexec.exe -s \\" & (value of property results whose (name of property of it = "DNS Name") of current computer) & " %22C:\Program Files" & (if(value of property results whose (name of property of it = "x64" ) of current computer = "True") then " (x86)" else "") & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us"

You might need to replace the double quotes as they can get messed up when posting on here.

Officially support what?

There is a minimal doc here: http://support.bigfix.com/labs/customright.html

I have some examples here: bigfix-content/ConsoleContextMenus at main · jgstew/bigfix-content · GitHub

You can debug these by running the session relevance through the BigFix Console Presentation Debugger or outputting the result to a file and then make sure what comes out works on the command line, then get that same thing in the right format in the registry, but I would get it working with regular session relevance first.

I don’t have this property in my vanilla root server. Ideally there would be an easy way to tell if a computer is 64bit or not just using the mandatory built in properties, but otherwise you’d have to create one.

If you had an analysis that returned the info for Trend Micro in general, then those properties could be used to determine the correct path for this EXE.

Example:

preceding texts of firsts "\" of following texts of firsts "\" of values of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of bes computers

This should return Program Files (x86) or Program Files on all Windows systems in BigFix in almost all cases. You can check by looking at the following:

(multiplicity of it, it) of unique values of preceding texts of firsts "\" of following texts of firsts "\" of values of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of bes computers

Next:

Once you have the above session relevance returning valid results for ALL windows systems, then you can move forward and generate the command you need for ALL computers:

("%22C:\" & it & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us") of preceding texts of firsts "\" of following texts of firsts "\" of values of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of bes computers

Next:

Put it all together with hostname: (again… for ALL computers)

("\\" & item 0 of it & " %22C:\" & item 1 of it & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us") of (hostname of it, preceding texts of firsts "\" of following texts of firsts "\" of values of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of it) of bes computers

Sanity check that the results look right.

Next:

Adapt it into the format required for Console Context Menu:

("\\" & item 0 of it & " %22C:\" & item 1 of it & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us") of (hostname of it, preceding texts of firsts "\" of following texts of firsts "\" of values of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of it) of current computer

which should become:

"ShellCommandRelevance"="\"cmd.exe /k C:\PSTools\psexec.exe -s " & ( ("\\" & item 0 of it & " %22C:\" & item 1 of it & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us") of (hostname of it, preceding texts of firsts "\" of following texts of firsts "\" of values of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of it) of current computer )"

I haven’t actually tested any of this in production since I don’t have Trend Micro, but hopefully this works.

I worked with ShellCommandRelevance for the first time last month, so I’m much better at the session relevance part than the ShellCommandRelevance part.

1 Like
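
An added example, not part of the original posts and not BigFix or Trend Micro code: a Python model of the steps in the post above, for sanity-checking the expanded command offline before it goes into the registry. It assumes only `%22` is decoded to a double quote (as the echo output in this thread shows); the host name pattern, the folder allow-list and all function names are choices made for this example.

```python
import re

# Assumption of this example: host names are limited to letters, digits, '-' and '.'.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")
ALLOWED_DIRS = {"Program Files", "Program Files (x86)"}

def program_files_dir(buffer_dir):
    """Mirror the relevance: the text between the first and second backslash."""
    _, sep1, rest = buffer_dir.partition("\\")
    folder, sep2, _ = rest.partition("\\")
    if not (sep1 and sep2):
        raise ValueError("expected at least two backslashes in %r" % buffer_dir)
    return folder

def build_template(hostname, buffer_dir):
    """Build the %22-encoded command string for one computer."""
    # Reject anything cmd.exe could interpret (&, |, quotes, spaces, ...).
    if not HOST_RE.fullmatch(hostname):
        raise ValueError("unexpected characters in host name %r" % hostname)
    folder = program_files_dir(buffer_dir)
    if folder not in ALLOWED_DIRS:
        raise ValueError("unexpected install folder %r" % folder)
    return ("cmd.exe /k C:\\PSTools\\psexec.exe -s \\\\" + hostname
            + " %22C:\\" + folder
            + "\\Trend Micro\\OfficeScan Client\\pccntmon.exe%22 -us")

def expand(template):
    """Decode %22 to a double quote (the only escape this thread relies on)."""
    return template.replace("%22", '"')

def split_args(cmdline):
    """Split on spaces outside double quotes; raise on an unbalanced quote."""
    args, cur, quoted = [], "", False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch == " " and not quoted:
            if cur:
                args.append(cur)
            cur = ""
        else:
            cur += ch
    if quoted:
        raise ValueError("unbalanced double quote")
    return args + ([cur] if cur else [])

def check(hostname, buffer_dir):
    """Return the argument list the expanded command splits into."""
    return split_args(expand(build_template(hostname, buffer_dir)))
```

`check` should return seven arguments, with the full path to pccntmon.exe as a single argument; a host name or folder that fails validation raises `ValueError` instead of reaching `cmd.exe /k`.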

Didn’t realise our x64 property was a custom one, sorry!

My session relevance isn’t all that great, I tried this in the session relevance tester using of bes computers whose (name of it as uppercase = "compName") rather than of current computer but got “Error: A singular expression is required.”

Probably not as robust as I had to make texts and values singular, but it works using:

("cmd.exe /k echo C:\PSTools\psexec.exe -s " & "\\" & item 0 of it & " %22C:\" & item 1 of it & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us") of (hostname of it, preceding text of first "\" of following text of first "\" of value of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of it) of current computer

1 Like

It is my understanding that the Right-Clicks are part of Bigfix Labs, which carries the note, “Bigfix Labs projects are not supported by IBM Support”, so basically it’s user-supported. I’ve been using them for a few years, and IBM actually broke them several versions ago by changing “MaxComputerSetSize” to “MaxSetSize”. I have quite a few custom ones for OfficeScan that I developed originally for Core Protection Module. This is a new one though, since I found the command line options to force a client update. I have all of the pieces that work separately, I just need to figure out how to put them together.

I think I’m going to have to leave this project as it is for a while. I’ve got it working with separate 32 and 64 bit versions, and that will have to do.

Thanks.

1 Like

I have it in 3 analyses from “OS Deployment and Bare Metal Imaging”, so it might depend on what sites are subscribed to.

OK, I fixed the quotes and that works. Now, funny thing, I take the echo out, and lo and behold, it works on 64-bit machines, but not 32-bit.

I think Bigfix hates me sometimes. I think I may have to put this aside and just leave it with separate 32 and 64 bit items. Thanks.

OK, tried it again, and now it works, 64 and 32. I can’t explain it, maybe a typo, I’m just happy to get it done.

Thanks greatly for your help.

Did you ever try this in the presentation debugger?

("\\" & item 0 of it & " %22C:\" & item 1 of it & "\Trend Micro\OfficeScan Client\pccntmon.exe%22 -us") of (hostname of it, preceding texts of firsts "\" of following texts of firsts "\" of values of client settings whose(name of it = "_BESClient_UploadManager_BufferDirectory") of it) of bes computers

This means that the Support Staff can’t support this directly, but that is generally true with all custom content development. The forums, the slack, and people like myself will help as much as we can. Join the bigfix slack here: Slack

The slack invite link doesn’t work. Are you still using slack or does the forum have better info than slack? Thanks!