I am attempting to create a BigFix analysis to locate the McAfee DAT version, the value of “AVDatVersion”.
(exists keys "HKLM\SOFTWARE\Wow6432Node\McAfee\AVEngine" whose (exists values whose(name of it = "AVDatVersion" ) of it) of registry) AND (exists keys "HKLM\SOFTWARE\Wow6432Node\McAfee\AVEngine" whose (exists values whose(name of it = "AVDatVersion" ) of it) of registry)
I think you have a GRAMMAR error… it should read “I HAVE created”… It seems to work, so were you asking a question?
1 Like
Here are two ways to accomplish this:
If you are looking just under the “HKLM\SOFTWARE\Wow6432Node\McAfee\AVEngine” key then you could use
exists value "AVDatVersion" of key "HKLM\SOFTWARE\Wow6432Node\McAfee\AVEngine" of registry
Or if you want to inspect all of the sub keys of “HKLM\SOFTWARE\Wow6432Node\McAfee\AVEngine” then you could use:
(name of it, exists value "AVDatVersion" of it) of keys of key "HKLM\SOFTWARE\Wow6432Node\McAfee\AVEngine" of registry
I hope this helps
AlanM
April 15, 2016, 8:27pm
4
If you are using “of registry” you don’t need the Wow6432Node part as that is assumed by the client
nm, found it! Typo on my end. value "AVDatVersion" of key "HKLM\SOFTWARE\Wow6432Node\McAfee\AVEngine" of native registry
AlanM
April 18, 2016, 10:03pm
6
Just to be clear the following would work on both 32 and 64 bit machines fine
value "AVDatVersion" of key "HKLM\SOFTWARE\McAfee\AVEngine" of registry
1 Like
jgstew
August 30, 2016, 9:25pm
7
I recommend writing stuff like this in this form:
unique values of (it as string) of values "AVDatVersion" of keys "HKLM\SOFTWARE\McAfee\AVEngine" of (x64 registries;x32 registries)