

Sample Signatures

To create custom signatures, see the following sample signatures.

Reading file version:

Assignment Wizard Exe 1.0
<file name="ABTRep\BIN\assgnwiz.exe" path="*" minversion="1.0" maxversion="1.0" />

Reading information using the Package Name Tag:

IBM Java 2 Runtime Environment v1.4.1 x86 32
<package name = "IBM 32-bit Runtime Environment for Java 2, v1.4.1" />

Checking for existence of registry key:

InCtrl5
<registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InCtrl5" />

Signature with one “AND” group using file name and package name tags:

Quest Software Toad for Oracle 10.6
<group type="and">
<package name = "Toad for Oracle 10.6" />
<file name="TOAD.exe" minversion="10.6" maxversion="10.6" path="*" />
</group>

Signature with one “AND” group using package name and sysinfo osname tags:

IBM Directory Client SDK 4.1 [AIX]
<group type="and"> 
<sysinfo osname="AIX" /> 
<package name="ldap.client.adt" version="4.1.0.0" /> 
</group>

Signature using the filename tag with file date attributes:

Project Bridge Modeler 4.03.21
<file name="ABTRep\BIN\Pbm.exe" minmodified="1998-10-11T00:00:00Z" maxmodified="1998-10-13T23:59:59Z" path="*" />

Signature with one “AND” group using registry name and package name tags:

FedEx Ship Manager API 8.50.002
<group type="and">
<package name="FedEx Ship Manager API" />
<registry name="HKEY_LOCAL_MACHINE\SOFTWARE\FedEx\FedEx Ship Manager API\8.50.002" />
</group>

Signature with one “AND” group using registry name, file name (reading file version) and package name tags:

SAPIEN Technologies PrimalScript 2011
<group type="and">
<package name="PrimalScript 2011" version="6.0.*" />
<registry name="HKEY_LOCAL_MACHINE\SOFTWARE\SAPIEN Technologies, Inc.\PrimalScript\2011\" />
<file name="PrimalScript 2011\PrimalScript.exe" path="*" minversion="6.0" maxversion="6.0" />
</group>

Signature with one “AND” group using registry name, file name (verifying file existence) and package name tags:

X1 Desktop Search Professional 6.7
<group type="and">
<package name="X1 Professional Client" version="6.7" />
<registry name="HKEY_LOCAL_MACHINE\SOFTWARE\X1 Desktop Search" />
<file name="X1.exe" path="*" />
</group>

Signature with one “AND” group using sysinfo osname, file name (verifying file existence) and package name tags:

RHEL4-iproute 2.6.9-4.el4 x86 32
<group type="and"> 
<sysinfo osname="Linux" /> 
<package name = "iproute" version="2.6.9" release="4.el4" /> 
<file name="/etc/redhat-release"/> 
</group>

Signature with nested groups (an “OR” and a “NOT” condition inside an “AND”) using package name (using wild cards), registry name and file name (reading file versions/verifying file existence/reading file content):

IBM Lotus Notes Client 8.5.1
<group type="and">
  <group type="or">
    <package name = "Lotus Notes 8.5.1" version="8.51.*" />
    <registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Notes\Version" match="080501" />
  </group>
  <file name="notes.exe" minversion="8.5.10" maxversion="8.5.10" path="*" />
  <group type="not">
    <file name="notes.ini" match="FaultRecovery_Build=Release 8.5.1 FP1" path="*" />
  </group>
</group>
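
The nested-group logic of the Lotus Notes signature above can be checked offline with a small evaluator. This is an added example, not part of the original documentation or the product's scanner; the inventory layout, the `evaluate` and `detect` names, the version comparison rule and the reading of a "not" group as "no child matches" are assumptions.

```python
import fnmatch
import xml.etree.ElementTree as ET

# The Lotus Notes Client 8.5.1 sample signature, copied from this page.
SIGNATURE = r"""<group type="and">
<group type="or">
<package name = "Lotus Notes 8.5.1" version="8.51.*" />
<registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Notes\Version" match="080501" />
</group>
<file name="notes.exe" minversion="8.5.10" maxversion="8.5.10" path="*" />
<group type="not">
<file name="notes.ini" match="FaultRecovery_Build=Release 8.5.1 FP1" path="*" />
</group>
</group>"""

def _key(version, bound):  # assumption: compare only as many components as the bound has
    n = len(bound.split("."))
    return [int(p) for p in (version.split(".") + ["0"] * n)[:n]]

def _package(el, host):
    ver = host["packages"].get(el.get("name"))
    return ver is not None and fnmatch.fnmatchcase(ver, el.get("version", "*"))

def _registry(el, host):
    value = host["registry"].get(el.get("name"))
    return value is not None and fnmatch.fnmatchcase(value, el.get("match", "*"))

def _file(el, host):
    lo, hi, text = el.get("minversion"), el.get("maxversion"), el.get("match")
    name = "\\" + el.get("name").lower()  # path="*": any directory, Windows-style paths
    return any(
        ("\\" + path.lower()).endswith(name)
        and not (lo and _key(info.get("version", "0"), lo) < _key(lo, lo))
        and not (hi and _key(info.get("version", "0"), hi) > _key(hi, hi))
        and not (text and text not in info.get("content", ""))
        for path, info in host["files"].items())

def evaluate(el, host):
    if el.tag != "group":
        return {"package": _package, "registry": _registry, "file": _file}[el.tag](el, host)
    results = [evaluate(child, host) for child in el]  # "not": no child matches (assumption)
    return {"and": all(results), "or": any(results), "not": not any(results)}[el.get("type")]

def detect(exe_version, ini_text):
    # Constructed host inventory, not real scan output.
    host = {"packages": {"Lotus Notes 8.5.1": "8.51.9350"}, "registry": {},
            "files": {r"C:\Notes\notes.exe": {"version": exe_version},
                      r"C:\Notes\notes.ini": {"content": ini_text}}}
    return evaluate(ET.fromstring(SIGNATURE), host)
```

With this inventory the signature matches a base 8.5.1 install, while a host whose notes.ini carries the FP1 build string is excluded by the "not" group.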

Signature with one “AND” group using registry name and file name (verifying file existence by partial path specification/Reading file content):

IBM Lotus Workforce Management 6.1
<group type="and"> 
<registry name = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IBM Lotus Workforce Management" />  
<file name="Web-App_6.1.0\Packages\lwm.builders.base.pkg" path="*"  />
<file name=".com.zerog.registry.xml" path="*" match="Web-App_6.1.0\\Packages\\lwm.builders.checklist.pkg" />
</group>

Signature with one “AND” group using the sysinfo platform and filename tags with file size attributes:

Adobe Reader 7.0.9 PowerPC
<group type="and"> 
<sysinfo platform="Power Macintosh" /> 
<file name="MacOS/Adobe Reader" minfilesize="9140" maxfilesize="9140" path="*" /> 
</group>

Signature with one “AND” group using the packagename and filename tags with file size/file date attributes:

CA AllFusion Erwin Data Modeler r7
<group type="and"> 
<package name="CA AllFusion ERwin Data Modeler r7" /> 
<file name="ERwin.exe" minfilesize="3883008" maxfilesize="3883008" path="*" /> 
<file name="ERwin.exe" minmodified="2007-05-21T00:00:00Z" maxmodified="2007-05-21T23:59:59Z" path="*" /> 
</group>

Signature with nested groups (two “OR” conditions inside an “AND”) using registry name with wild card and file name (reading file versions):

Microsoft Office Project 2007 Standard Edition x86 32 EN
<group type="and">
  <registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Project" />
  <group type="or">
    <registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B4-0409-0000-0000000FF1CE}" />
    <registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-00B4-0409-0000-0000000FF1CE}" />
  </group>
  <group type="or">
    <registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-003A-0000-0000-0000000FF1CE}\DisplayVersion" match="12.0.4518.*" />
    <registry name="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91120000-003A-0000-0000-0000000FF1CE}\DisplayVersion" match="12.0.4518.*" />
  </group>
  <file name="OFFICE12\WINPROJ.EXE" minversion="12.0" maxversion="12.0" path="*" />
</group>
