For example, we have an enterprise-level, managed AV solution, but to double-check its accuracy, we would like to retrieve the last modified date of the virus definitions (DAT) file and have it brought into the K1000 interface somehow. Along those lines, we will probably encounter instances where we want to know whether a particular file exists on a workstation's file system or the content of a registry entry, etc. What is the best way to do this type of thing? Thanks.

You can do this using a custom inventory rule. In the administrator interface click Inventory, Software then Choose Action, New. Create a rule in the Custom Inventory Rule textbox appropriately. You can check the help documentation for more information about how the rules function.

Answered 11/03/2015 by: chucksteel
Red Belt

  • Okay, I think this makes sense, but where do the results end up? I went into Software, chose new, and made a new item called "TEST" with a custom inventory rule of FileInfoReturn(c:\x\x\, ModifiedDate, DATE). As of now, under software, I have an item called TEST with blank columns except for a 0 under Devices.
    • If you force an update on a computer it should run the custom inventory rule (assuming that the OS matches what is selected in the rule). That data will then appear in the device inventory in the software section. The software title will also show which computers have run the rule.

Like Chucksteel posted, use a CIR.

This is from the built-in help:

FileVersionEquals(path, version)
FileVersionLessThan(path, version)
FileVersionGreaterThan(path, version)
FileInfoGreaterThan(fullpath, attribute, type, value)
FileInfoLessThan(fullpath, attribute, type, value)
FileInfoEquals(fullpath, attribute, type, value)
FileInfoReturn(path, attribute, type)

Type can be TEXT, NUMBER, or DATE

attribute across platforms can be: access_time, AccessedDate, creation_time, CreatedDate, modification_time, ModifiedDate, FileName, size, device_id, inode, mode, number_links, device_number

attribute on Windows (5.4+) can be: Comments, CompanyName, FileBuildPart, FileDescription, FileMajorPart, FileMinorPart, FilePrivatePart, FileVersion, LegalCopyright, LegalTrademarks, OriginalFilename, PrivateBuild, ProductBuildPart, ProductMajorPart, ProductMinorPart, ProductName, ProductPrivatePart, ProductVersion, SpecialBuild


ShellCommandTextReturn(cmd /c type c:\WINDOWS\win.ini)
FileVersionEquals(C:\Program Files\Internet Explorer\iexplore.exe,8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339))
RegistryValueEquals(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion,CSDVersion,Service Pack 2)
FileInfoReturn(/etc/hosts, modification_time, DATE)
Answered 11/03/2015 by: SMal.tmcc
Red Belt
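
An added example, not part of the answers above and not KACE's own code: a PowerShell script that a ShellCommandTextReturn rule could run (in the same way as the `cmd /c` example above) to report the DAT file's last-modified date and its age on one line, including the case where the file is missing. It goes beyond FileInfoReturn by computing staleness on the endpoint; the path, the 7-day threshold and the function name Get-DatStatus are assumptions.

```powershell
# Added example. $DatPath is a placeholder; $MaxAgeDays is an assumed threshold.
param(
    [string]$DatPath    = 'C:\PLACEHOLDER\definitions.dat',
    [int]   $MaxAgeDays = 7
)

function Get-DatStatus {
    param(
        [string]  $Path,
        [int]     $MaxAgeDays,
        [datetime]$Now = (Get-Date)
    )

    # Report a missing file explicitly so it is not confused with an empty result.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return "MISSING path=$Path"
    }

    # Compare in UTC so endpoints in different time zones report comparable values.
    $modified = (Get-Item -LiteralPath $Path).LastWriteTimeUtc
    $ageDays  = [math]::Floor(($Now.ToUniversalTime() - $modified).TotalDays)
    $state    = if ($ageDays -gt $MaxAgeDays) { 'STALE' } else { 'CURRENT' }

    # Fixed, culture-independent layout so the inventory value filters and sorts cleanly.
    $stamp = $modified.ToString('yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
    return "$state modified_utc=$stamp age_days=$ageDays"
}

# Single line on stdout is what the inventory rule captures.
Get-DatStatus -Path $DatPath -MaxAgeDays $MaxAgeDays
```

The leading STALE, CURRENT or MISSING token gives a value to filter on in the device inventory without parsing the date.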
