1 Reply Latest reply on Sep 6, 2017 9:50 AM by phoffmann

    How to find if file is on computers (query question)

    thepezident Rookie

      We have deep freeze installed on all our computers.

      When installed, there is a C:\Persi0.sys file on the computer.

       

      Long story short...not all computers are reporting into the Faronics console. Therefore, we want to run a query to find what computers have this file on them.

       

      I am in console under Network View, server, Queries, My queries.

      Computer, Software, Package, File Name = C:\Persi0.sys and it doesnt show any results

       

      I saw this How to scan for a specific file in the Inventory

       

      And noticed the Jan 23 post and it seems like they are asking the same thing as I.

       

      Any ideas for a first time poster??

       

      We are on Management Suite ver: 9.60.2.48

        • 1. Re: How to find if file is on computers (query question)
          phoffmann SupportEmployee

          You're not going to get this by default, as we don't usually report back on .SYS files by default.

           

          There's a couple of ways you can get this done though.

           

          1 - You can write a custom vulnerability. I tend to (ab-)use custom defs for all manner of "weird stuff". This is pretty easy. You're literally just checking for the existence of the file ... so any device that's "vulnerable" to the custom definitions means it has that file.

           

          If you're not sure how to create custom vulnerabilities - try this as a starting point - How To: Create a Custom Vulnerability Definition in Patch and Compliance Manager .

           

          Whether you use our default engine options (you're just checking for "FILE MUST NOT EXIST") without caring particularly about versions and such.

           

          2 - You COULD add ".SYS" files as a scan extension for all files to be collected. I probably wouldn't use that since you're likely to get 1,000-s of entries back ... but COULD be done.

           

          For reference, here's the option in the INVENTORY agent settings about where to add extension types that are important to you (again - BE CAREFUL what you wish for. We'll bring back *EVERY* file with such an extension):

           

          ... there's going to be a few other ways to get the goal post (I usually state that "there's at least 3 different ways to do the exact same thing") but in this instance, I think a custom vulnerability is the easiest option for you .

           

          Does that make sense / help?