So it sounds like there are a few ways to handle this. One analysis mentioned at WannaCry Vulnerability: Custom Analysis created to detect for Vulnerability referenced in MS17-010 and then this thread uses the following code if not exists keys whose( exists ( (name of it), ("KB4012212";"KB4012215";"KB4015549";"KB4019264";"KB4012213";"KB4012216";"KB4015550";"KB4019215";"KB4012606";"KB4015221";"KB4019474";"KB4013198";"KB4015219";"KB4019473";"KB4015438";"KB4015217";"KB4019472") ) whose(item 0 of it contains item 1 of it) ) of keys ("Windows\CurrentVersion\Uninstall";"Windows\CurrentVersion\Component Based Servicing\Packages";"WindowsNT\CurrentVersion\Hotfix") of keys "HKLM\SOFTWARE\Microsoft" of (x32 registries;x64 registries) then "Not Patched" else "Patched" (Modified a bit for our environment). Lastly there’s this method WannaCry Relevancy (duplicate) Do all of these methods work, and if so is there a preferred way of doing this?