This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
BMC Client Management
How do I collect the file version from a file on a client device?
These steps requires the "Software Distribution" module to work properly.
For the sake of this example I'm going to use file "c:\windows\system32\drivers\srv.sys". As of the time of writing, this file version check was critical to determining if a Windows vulnerability was patched. If it wasn't patched, it could cause ransomware to get on the computer.
The Batch FileTo start, we need to run a command on the system to actually get the file version. To do so we will use the following command in a batch file:
WMIC DATAFILE WHERE name="c:\\windows\\system32\\drivers\\srv.sys" get Version /format:Textvaluelist > "C:\temp\output.txt"
The first part collects the file version value, the part after the ">" redirects the output to the output.txt file which will be analyzed in the next steps. You can run this batch file manually to ensure it's working as intended.
The PackageSave the batch file to one of your package factories, then create a package using that batch file. I set my destination directory to c:\temp and my run command to c:\temp\fileversion.bat. The name of my batch file in this case was fileversion.bat.
The Operational RuleProceed to the operational rule (op rule) created by the package (or make your own and add the package as the first step). Add the following:
1. Add two (2) "Delete Line" steps with a five (5) second "Wait" step in between them. This will remove the two blank lines at the beginning of the file which were caused by the output of the WMIC command.
2. Add a "File Analysis via Regular Expression" step with the following parameters:
The (.*) entry is another way of telling it to match on anything and everything. "Ransomware Version" is how the object will display under the device's custom inventory node when the op rule finishes running and the data is uploaded to the master server.
3. Add a "Update Custom Inventory" step set up as follows:
This will upload the data to the master.
The ResultsAfter assigning this op rule to devices and waiting for execution to complete, you will see something similar to the following on your devices:
You may now choose to report on this information, and you'll find a new custom inventory object listed in the available queries which you can use to collect devices which have this version information present.