(imported topic written by SystemAdmin)
three quick questions
1 - Why is it the default stinger deployment fixlet is made to be non-relevant on Windows 7? It seems the following code causes the issue (CommonFilesDir is the culprit):
not exists key
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion" whose (exists value
"ProductId" of it OR exists value
"CommonFilesDir" of it)
2 - Is there a way to automate the updating of the stinger tool? It’s released quite frequently and manually updating the baseline is a pain.
3 - Has anyone written a task to run stinger with the interface exposed to the end user? We’d like to enable desktop techs with the ability to run it interactively through an offer. Would we need to use runascurrentuser.exe and / or enable the BESClient service interacting with the desktop on Windows XP and Window 7 (TEM 8.1)?
Thanks in advance for any and all help!
John
(imported comment written by JasonHonda)
The first issue is that we’re restricting Stinger content to only 32-bit windows. That relevance is a legacy check for excluding 64-bit. Not sure what the reasoning was back when this was put in. I’ve logged a bug to investigate if we can open this content up for 64-bit but not sure when we get to looking in more.
Automating the update would be difficult since the download link changes about once a week with an updated version, so the content will have to change. Not sure what other users do about the fixlets in baselines changing frequently.
(imported comment written by SystemAdmin)
Jason - thanks for looking into the fixlet relevance. There are no restrictions on McAfee’s end that I am aware, so hopefully removing that logic won’t be a big deal.
As for the automation, we need some kind of baseline syncing tool or something along the lines of the action regenerator for the anti-virus signatures. Previous requests were made for such a tool:
http://forum.bigfix.com/viewtopic.php?id=1736
http://forum.bigfix.com/viewtopic.php?id=2738
John