-
Title
Custom Inventory Rule Applications -
Description
Custom inventory rules are very flexible and can be used to solve various problems from deployments to combating viruses. They allow you to create a custom software item and associate it to your own rules of detection. Custom inventory rules allow you to detect based on registry and file data.
-
Resolution
For example, one of the common problems that customers have is that they create a managed installation for a program like Acrobat 8.0 and deploy it to a set of computers. The problem occurs when the users decide to update Acrobat to 8.1. Following the update, the SMA (Systems Management Appliance) sees that Acrobat 8.0.0 is not on the machine and will try to reinstall it. This type of situation is corrected by using a custom inventory rule. To correct this problem a custom software item should be created called something like 'Acrobat 8.0 ALL' and enter the following syntax in its custom inventory field:
FileVersionGreaterThan(C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe, 7.99) AND FileVersionLessThan(C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe, 9.00)
You will also need to attach your deployment files to this custom software item as well as point your managed installation to this item as well. As computers check in, the custom item will be evaluated and you will be able to check software counts based on this rule on the software inventory tab.
A second example is to use the custom inventory field to identify certain viruses/trojans. If the attacker uses an identifiable file you can create a custom software item called something like 'Has xxx virus' and fill in the custom rule with something like this:
FileExists(C:\WINDOWS\system32\badfile.dll)
You can then keep an eye on your software inventory page for when they occur or you can create a Filter label that checks for 'Software titles contains Has xxx virus'
The full syntax of custom inventory rules can be found at (use your helpdesk login):