FILE_VERSION

This policy item checks if the version of the file specified by the file field is greater than or equal to the remote file version by default. The check can also be used to determine if the remote file version is lower by using the check_type option.

Note: This check requires remote registry access for the remote Windows system to function properly.

Usage

<custom_item>

type: FILE_VERSION

description: ["description"]

value_type: [VALUE_TYPE]

value_data: [value]

(optional) check_type: [value]

file: PATH_TO_FILE

file_option: [OPTION_TYPE]

check_type: CHECK_TYPE

</custom_item>

The allowed types are:

value_type: POLICY_FILE_VERSION

value_data: "file version"

file_option: MUST_EXIST or MUST_NOT_EXIST

Examples

<custom_item>

type: FILE_VERSION

description: "Audit for C:\WINDOWS\SYSTEM32\calc.exe"

value_type: POLICY_FILE_VERSION

value_data: "1.1.1.1"

file: "C:\WINDOWS\SYSTEM32\calc.exe"

</custom_item>

<custom_item>

type: FILE_VERSION

description: "Audit for C:\WINDOWS\SYSTEM32\calc.exe"

value_type: POLICY_FILE_VERSION

value_data: "1.1.1.1"

file: "C:\WINDOWS\SYSTEM32\calc.exe"

check_type: CHECK_LESS_THAN

</custom_item>