Are you using the "At least one must exist" option?
I am using:
File "blahblah NAME.DLL" Must Exist AND Light Checksum = "checksum size"
Using the "At Least ONE object must exist on the target AND all objects must match the additional criteria below"
This works in detecting if the specific DLL I am after exists. But it fails the compliance check as there are more than one samename DLLs found in the Snapshot but contain different checksum size.
Message was edited by: Vinnie Lima
what about using the 'is one of', 'contains' or 'substring of' operators instead of equals?
Is the comparison 'one of' going to provide different behavior than "equals to"? My understanding is that it will still have other DLLs which do not match a pre-defined list of checksums to cause the compliance rule to fail.
Besides - I dont want to have to populate all of the possible checksums as I don't know what DLL may pop up in a managed system. I just want the compliance to PASS if at least ONE of the expected DLLs appear on the server.
I'll test it anyway to see if the behavior changes.....
is one of probably won't do it. the others might, or you might have to nest some conditions together. i'm not sure there's a direct way to say basically find a match and stop.
what about something like name = foo.dll and checksum = blah where atleast one must be true?
Tried "is one of" and "contains" and "substring of" and didnt change the results.
Your suggestion is what I need but how do I configure it on BL as a rule?
I think you say:
one may exist and must meet:
Name = blah.dll
checksum = blah
The only option for the Compliance Condition that mirrors what you are saying below is:
Wildcarded Path: ??TARGET.WINDIR??/path/to/**/BLAH.dll
"At least ONE object must exist on the target AND all objects must match the additional criteria below:"
"Match any of the following conditions:"
"Light Checksum equals abcd123"
The condition above causes every object that meets the search criteria (in this case, BLAH.dll) but does NOT match the light checksum to be picked up and ends up causing the rule to fail.
Remember - all DLLs I am checking for are of the same name, but different instances of them have different MD5 checksums. (e.g. many BLAH.dll's are resident in subdirectories).
I think the problem is with the Compliance Condition "AND all objects must match the additional criteria below". You can't simply check for a single file with a single condition.
Unless there is some way of handling this through a nested conditional statement as individual conditions in the same rule.
1 of 1 people found this helpful
Vinne- I have done some testing with this and seem to be having some success.
I created a CT that collects ??TARGET.WINDIR??
created a compliance rule from that part that has the following conditions
Compliance Conditions:At least one object must exist on the target and all objects must match the additional criteria below:
Match "any" of hte following conditions:
Light CheckSum -->equals-->cd64ead87809abc930e69aa053c2043c
on my target server I have two folders with file.foo like this /c/windows/myfolder/file.foo and /c/windows/copy of myfolder/file.foo the later has the file with the matching checksum where as the first does not (I reversed these as well to see if it was successful as a result of checking in alphabetical order) and my compliance passed....
Can you give that a go?