Retrieve last modified time of file, value of registry entry, etc. via K1000

For example, we have an enterprise-level, managed AV solution, but to double-check its accuracy, we would like to retrieve the last modified date of the virus definitions (DAT) file and have it brought into the K1000 interface somehow. Along those lines, we will probably encounter instances where we want to know whether a particular file exists on a workstations' file system or the content of a registry entry, etc. What is the best way to do this type of thing? Thanks.

0 Comments   [ + ] Show comments

Answers (2)

Posted by: chucksteel 5 years ago
Red Belt
You can do this using custom inventory rule. In the administrator interface click Inventory, Software then Choose Action, New. Create a rule in the Custom Inventory Rule textbox appropriately. You can check the help documentation for more information about now the rules function.

  • Okay, I think this makes sense, but where do the results end up? I went into Software, chose new, and made a new item called "TEST" with a custom inventory rule of FileInfoReturn(c:\x\x\x.xxx, ModifiedDate, DATE). As of now, under software, I have an item called TEST with blank columns except for a 0 under Devices. - k1knnja 5 years ago
    • If you force an update on a computer it should run the custom inventory rule (assuming that the OS matches what is selected in the rule). That data will then appear in the device inventory in the software section. The software title will also show which computers have run the rule. - chucksteel 5 years ago
Posted by: SMal.tmcc 5 years ago
Red Belt
Like Chucksteel posted use a CIR.

This is from the built in help

FileVersionEquals(path, version)
FileVersionLessThan(path, version)
FileVersionGreaterThan(path, version)
FileInfoGreaterThan(fullpath, attribute, type, value)
FileInfoLessThan(fullpath, attribute, type, value)
FileInfoEquals(fullpath, attribute, type, value)
FileInfoReturn(path, attribute, type)

Type can be TEXT, NUMBER, or DATE

attribute across platforms can be: access_time, AccessedDate, creation_time, CreatedDate, modification_time, ModifiedDate, FileName, size, device_id, inode, mode, number_links, device_number

attribute on Windows (5.4+) can be: Comments, CompanyName, FileBuildPart, FileDescription, FileMajorPart, FileMinorPart, FilePrivatePart, FileVersion, LegalCopyright, LegalTrademarks, OriginalFilename, PrivateBuild, ProductBuildPart, ProductMajorPart, ProductMinorPart, ProductName, ProductPrivatePart, ProductVersion, SpecialBuild


ShellCommandTextReturn(cmd /c type c:\WINDOWS\win.ini)
FileVersionEquals(C:\Program Files\Internet Explorer\iexplore.exe,8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339))
RegistryValueEquals(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion,CSDVersion,Service Pack 2)
FileInfoReturn(/etc/hosts, modification_time, DATE)
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ