Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Using Custom Script Validators in Data Identifiers

Created: 19 Oct 2012 | 1 comment

If you are not getting the results you expect when using a Custom Script Validator in a Data Identifier (e.g. checking a prefix before a match) don't forget to try a different function.

LOOK for the value "FALSE:" before a match - and do NOT create an incident:

$PreValue = getAsciiStringAt($matchPrefix, 0x4, 6);

$TestValue = 'FALSE:';

AssertFalse($PreValue == $TestValue);

The following does NOT work for me...

LOOK for the value "FALSE:" before a match - and do NOT create an incident:

$PreValue = getStringValueAt($matchPrefix, 0x4, 6);

$TestValue = 'FALSE:';

AssertFalse($PreValue == $TestValue);

Don't confuse the functions getStringValueAt() and getAsciiStringAt() like I did...  save yourself some time.

Bob.
 

Comments 1 CommentJump to latest comment

Jsneed's picture

Bob,

We have a problem on endpoint with regex expressions not working quite right and are using some scripts like this.  Is that the same reason you are doing this?  The reason I ask is that we may be able to get some more attention paid to endpoint regex engine if you are having the same problem.