Symantec Parent Server Fixlet

(imported topic written by SystemAdmin)

We are currently running an evaluation of BigFix and as part of the evaluation I am trying to create a property that will identify the current parent server of Symantec Antivirus clients.

So far I have created the following fixlet below. Two questions that I had were:

a) Is there a cleaner way to write the fixlet, since in its current incarnation it isn’t very readable?

if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry) then (if (exists value "Parent" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry as string) then (value "Parent" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry as string) else "No Parent Server") else if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry) then (if (exists value "Parent" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry as string) then (value "Parent" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry as string) else ("No Parent Server")) else if (exists file "C:\Program Files\Symantec AntiVirus\SyLink.xml") then (if (exists (node values of attributes "Address" of xpaths "/ServerSettings/CommConf/ServerList/ServerPriorityBlock/Server" of xml document of file "C:\Program Files\Symantec AntiVirus\SyLink.xml")) then (node values of attributes "Address" of xpaths "/ServerSettings/CommConf/ServerList/ServerPriorityBlock/Server" of xml document of file "C:\Program Files\Symantec AntiVirus\SyLink.xml") else ("No Parent Server")) else ("No Parent Server")

b) Is there a way to use a path value from the registry as a variable into a fixlet? I would like to use something like below to dynamically locate the path of SyLink.xml in the above fixlet:

if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry) then (if (exists value "Home Directory" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry) then (value "Home Directory" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry as string) else "Symantec AV Not Installed") else "Cannot determine home directory"

Thanks,

Paul

(imported comment written by BenKus)

Hi Paul,

a. Yep… Couple notes:

  • You don’t need to check the wow6432node because the agent will naturally look there on x64 computers (unless you use the “x64 registry”).
  • Starting with BigFix 8.0, you can use the “|” operator so you don’t need the “if (exists …)”… So you can rewrite it like this:

(value "Parent" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry as string) | (node value of attributes "Address" of xpaths "/ServerSettings/CommConf/ServerList/ServerPriorityBlock/Server" of xml document of file "C:\Program Files\Symantec AntiVirus\SyLink.xml") | "No Parent Server"

b. The “it” operator in relevance can store a value (such as

q: (it + 1; it + 2) of 3

)… but in your example, you could just embed this as the file path:

(value "Parent" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion" of registry as string) | (node value of attributes "Address" of xpaths "/ServerSettings/CommConf/ServerList/ServerPriorityBlock/Server" of xml document of file "SyLink.xml" of folder (value "Home Directory" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry as string)) | "No Parent Server"

Ben
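
The fallback chain from the answer above, modelled off the endpoint as an added Python example (not code from this thread or from BigFix): each source either returns a value or fails, and any failure falls through to the next source, which is how `|` behaves. The dict standing in for the registry key, the function names and the sample SyLink.xml are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XPath from the thread, written relative to the <ServerSettings> root element.
SERVER_PATH = "./CommConf/ServerList/ServerPriorityBlock/Server"
DEFAULT = "No Parent Server"

# Constructed sample: only the elements named in the thread's XPath are modelled.
SAMPLE_SYLINK = """<ServerSettings>
  <CommConf>
    <ServerList>
      <ServerPriorityBlock>
        <Server Address="sepm01.example.test"/>
        <Server Address="sepm02.example.test"/>
      </ServerPriorityBlock>
    </ServerList>
  </CommConf>
</ServerSettings>"""


def from_registry(values):
    """values is a dict standing in for the CurrentVersion key (assumption)."""
    return [values["Parent"]]               # KeyError if "Parent" is absent


def from_sylink(xml_text):
    """Return every Server/@Address, or raise if the document is unusable."""
    root = ET.fromstring(xml_text)          # ParseError on malformed XML
    if root.tag != "ServerSettings":
        raise ValueError("unexpected root element")
    addresses = [s.attrib["Address"] for s in root.findall(SERVER_PATH)]
    if not addresses:
        raise LookupError("no Server elements")
    return addresses


def parent_servers(registry_values, sylink_text):
    """Try each source in order; the first one that succeeds wins."""
    sources = (lambda: from_registry(registry_values),
               lambda: from_sylink(sylink_text))
    for source in sources:
        try:
            return source()
        except (LookupError, ValueError, TypeError, ET.ParseError):
            continue                        # same effect as moving past a "|"
    return [DEFAULT]
```
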