
Help with SQL Report for DLL search (NS7)

Created: 20 Jul 2010 • Updated: 22 Aug 2010 | 3 comments
This issue has been solved. See solution.

Hopefully one of you SQL wizards will help me out...

Years ago we bought software that contained ODBC drivers and at some point rolled these into our standard image.  We need to audit these files and true up for licensing, but due to the way they have just been included in the image, they don't actually show up as installed software any longer.

What I have:
the name of the DLL file that ultimately needs to be identified
two different registry paths to confirm its presence
the standard path on all corporate images (C:\CustomFolderName\example.dll)

What I've tried so far:
I created a software resource in NS named for the DLL
I created a detection rule using one of the registry paths under the Rules tab in the SW Resource
Under the File Inventory tab, I added the specific DLL file
I created a task for all the computers in the company to run a targeted inventory report on the created resource
Results indicate that no instances of my resource are found.

Any help is welcome; if there is any further info I can provide, let me know.



mclemson

The detection rule should work.

Let's say the software with DLLs you installed always looks like this:
C:\Program Files\Example\Example11\example.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Example11\ and has the string value ExampleVersion which begins with 11
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Example11\ and has the string value ProgramPath which always equals 'C:\Program Files\Example\Example11\example.dll'

You should be able to create a new detection rule based on 'Registry value exists' and use HKEY_LOCAL_MACHINE\SOFTWARE\Example\Example11\ for path to value, ExampleVersion for valuename, Substring for the type, and 11 for the value.

If you create a detection rule, does it function properly?  Once we know the detection rule is functioning properly, then we can proceed to a Targeted Software Inventory which would provide compliance based on this software resource.

Does this make sense?  Does your detection rule function properly?

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner
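
A local spot check of what the rule described above evaluates, as an added example that is not part of the original thread or of the product: it reports "key exists" and "value contains substring" separately for one machine. The key path, value name, substring and DLL path are the placeholders from the post; checking the WOW6432Node view as well is an assumption for drivers installed by a 32-bit installer on 64-bit Windows.

```powershell
# Added example: local check mirroring a "registry value" detection rule.
# Key path, value name and substring are the placeholders used in the post.
function Test-RegistryValueSubstring {
    param(
        [Parameter(Mandatory)] [string] $SubKey,      # path under HKLM\SOFTWARE
        [Parameter(Mandatory)] [string] $ValueName,
        [Parameter(Mandatory)] [string] $Substring
    )
    # Check the native view and the 32-bit redirected view (assumption: the
    # driver may have been registered by a 32-bit installer on 64-bit Windows).
    $roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
    foreach ($root in $roots) {
        $path      = Join-Path $root $SubKey
        $keyExists = Test-Path -LiteralPath $path
        $value     = $null
        if ($keyExists) {
            $item = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
            if ($item -and ($item.PSObject.Properties.Name -contains $ValueName)) {
                $value = [string]$item.$ValueName
            }
        }
        # KeyExists and SubstringOk are reported separately because a key can
        # be present while the value is missing or does not match.
        [pscustomobject]@{
            Path        = $path
            KeyExists   = $keyExists
            ValueFound  = $null -ne $value
            Value       = $value
            SubstringOk = ($null -ne $value) -and $value.Contains($Substring)
        }
    }
}

$reg = Test-RegistryValueSubstring -SubKey 'Example\Example11' `
    -ValueName 'ExampleVersion' -Substring '11'
$dll = 'C:\Program Files\Example\Example11\example.dll'   # placeholder path from the post
$fileInfo = if (Test-Path -LiteralPath $dll) { Get-Item -LiteralPath $dll } else { $null }

$reg | Format-Table -AutoSize
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    DllPresent  = $null -ne $fileInfo
    FileVersion = if ($fileInfo) { $fileInfo.VersionInfo.FileVersion } else { $null }
    Detected    = [bool]($reg | Where-Object SubstringOk)
}
```

Running this on a machine known to have the DLL and on one known not to have it shows which registry view and which condition the rule needs to target.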

thompsonm

Thank you for your reply!

Although I thought I had built it correctly, your post made me go back and review the detection rule.  Sure enough, once I switched from Registry Key Exists to Registry Key Value, it started working.  The resource now reports on the installed software report.

I'm assuming I'm going to need 24 hours or more to get good scans of the enterprise, but that got me where I needed to be.  Sometimes you just need to be reminded to check your basics...

Thanks again,

mclemson

Actually, your detection rule should work right away.  Detection rules aren't based on inventory, but instead are checked each time a software delivery executes.  If you think you need 24 hours because of inventory schedules, you should be able to send the software to everyone and get immediate results.  However, if you're just thinking you need 24 hours to get a good idea of who has the software and who doesn't, you're right that it will take a few days as PCs turn on and off and come in and out of your network.

Mike Clemson, Senior Systems Engineer, ASC
Intuitive Technology Group -- Symantec Platinum Partner