Symantec definitions

(imported topic written by BenUK77791)

Hello,

I’d like to be able to identify machines that have virus definitions older than a day.

I’ve found the corresponding registry key, which contains a date. However, I’m not quite sure how to convert the output into a date format and then compile some relevance around it being less than a day old. Any assistance appreciated.

q: if exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs" whose (exists value "NAVCORP_70" of it) of registry then following text of last "\" of (value "NAVCORP_70" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs" of registry as string) else ("Not present")

A: 20090211.048

Thanks,

Ben.

(imported comment written by jessewk)

(date ((last 2 of it & " " & first 3 of (month (last 2 of first 6 of it as integer) as string) & " " & first 4 of it) of preceding text of last "." of it)) of "20090211.048" < current date - 1 * day

(imported comment written by BenUK77791)

Hi Jesse,

Thanks for that. Is there an easy way to tie that into my relevance? So, for example, how do I pass the registry value to your relevance to then output?

Thanks,

Ben.

(imported comment written by jessewk)

if exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs" whose (exists value "NAVCORP_70" of it) of registry then ((date ((last 2 of it & " " & first 3 of (month (last 2 of first 6 of it as integer) as string) & " " & first 4 of it) of preceding text of last "." of it)) of following text of last "\" of (value "NAVCORP_70" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs" of registry as string) < current date - 1 * day) as string else ("Not present")

(imported comment written by BenUK77791)

Perfect ! - Thanks very much.

(imported comment written by SystemAdmin)

For 30 day old definitions:

if exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs" whose (exists value "NAVCORP_70" of it) of registry then ((date ((last 2 of it & " " & first 3 of (month (last 2 of first 6 of it as integer) as string) & " " & first 4 of it) of preceding text of last "." of it)) of following text of last "\" of (value "NAVCORP_70" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs" of registry as string) < current date - 30 * day) else false
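The same check as jessewk's relevance above (take the last path component of NAVCORP_70, read the YYYYMMDD prefix of "20090211.048" as a date, compare it against today minus N days), written as an added stand-alone Python example that is not part of the original thread. It also covers the cases the one-liners do not: a missing value, a malformed folder name and an impossible date are all reported as stale rather than raising. The sample registry data is constructed; the winreg lookup only runs on Windows and silently falls back to the sample elsewhere.

```python
"""Added example: evaluate Symantec definition age from the NAVCORP_70 value.

Mirrors the relevance in the thread: version folder 'YYYYMMDD.NNN' -> date,
stale when date < today - max_age_days. Not code from the original post.
"""
import datetime as dt
import re

# Constructed sample of what NAVCORP_70 typically holds (an assumption, not
# data taken from the thread beyond the final component '20090211.048').
SAMPLE_NAVCORP_70 = r"C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090211.048"

# Definition folders look like 20090211.048: 8-digit date, dot, 3-digit revision.
DEF_PATTERN = re.compile(r"^(?P<date>\d{8})\.(?P<rev>\d{3})$")


def definition_version(value_data):
    """Return the last path component, e.g. '20090211.048' (the relevance's
    'following text of last "\\" of ...')."""
    return value_data.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def definition_date(version):
    """Turn 'YYYYMMDD.NNN' into a date; None if the string is malformed or the
    day does not exist (e.g. 20090231.001)."""
    m = DEF_PATTERN.match(version)
    if not m:
        return None
    try:
        return dt.datetime.strptime(m.group("date"), "%Y%m%d").date()
    except ValueError:
        return None


def definitions_stale(value_data, max_age_days, today=None):
    """True when definitions are older than max_age_days, or cannot be parsed
    (a machine we cannot read should surface as a problem, not as healthy).
    'today' may be a date or an ISO string; defaults to the real current date."""
    if today is None:
        today = dt.date.today()
    elif isinstance(today, str):
        today = dt.date.fromisoformat(today)
    if value_data is None:
        return True
    d = definition_date(definition_version(value_data))
    if d is None:
        return True
    # Same comparison as the relevance: date < current date - N * day.
    return d < today - dt.timedelta(days=max_age_days)


def read_navcorp70():
    """Read HKLM\\SOFTWARE\\Symantec\\SharedDefs\\NAVCORP_70 on Windows, trying
    the 64-bit view and then the 32-bit (WOW6432Node) view. Returns None when
    not on Windows or the key/value is absent."""
    try:
        import winreg
    except ImportError:
        return None
    for view in (winreg.KEY_WOW64_64KEY, winreg.KEY_WOW64_32KEY):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                                r"SOFTWARE\Symantec\SharedDefs",
                                0, winreg.KEY_READ | view) as key:
                return winreg.QueryValueEx(key, "NAVCORP_70")[0]
        except OSError:
            continue
    return None


if __name__ == "__main__":
    data = read_navcorp70()
    source = "registry" if data is not None else "constructed sample"
    if data is None:
        data = SAMPLE_NAVCORP_70
    version = definition_version(data)
    print(f"NAVCORP_70 ({source}): {data}")
    print(f"definition version: {version}, date: {definition_date(version)}")
    for days in (1, 30):
        print(f"older than {days} day(s): {definitions_stale(data, days)}")
```

Note that the relevance returns "Not present" (a string) when the key is missing, which a relevance expression comparing booleans will not match; this script instead treats a missing or unparseable value as stale so it cannot disappear from an "out of date" report.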