Removing MIME fields

strawgate · May 1, 2016 · a4d59e1 · a4d59e1
1 parent 5af904b
commit a4d59e1
Show file tree

Hide file tree

Showing 13 changed files with 14 additions and 160 deletions.
diff --git a/Analyses/Applications - Teamviewer - Configuration - Windows.bes b/Analyses/Applications - Teamviewer - Configuration - Windows.bes
@@ -1,16 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Analysis>
 		<Title>Applications - Teamviewer - Configuration - Windows</Title>
-		<Description>Covers the configuation of TeamViewer on the client.</Description>
+		<Description>Covers the configuation of TeamViewer on the client. </Description>
 		<Relevance>windows of operating system</Relevance>
 		<Relevance>exists key "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\teamviewer" of x32 registry</Relevance>
 		<Source>Internal</Source>
 		<SourceReleaseDate>2016-04-18</SourceReleaseDate>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Tue, 19 Apr 2016 03:16:34 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<Property Name="Teamviewer - Always On - Windows" ID="1">if (value "Always_Online" of key "HKEY_LOCAL_MACHINE\Software\TeamViewer" of x32 registry as string = "1") then "Enabled" else "Disabled"</Property>
 		<Property Name="Teamviewer - Client ID - Windows" ID="2">value "ClientID" of key "HKEY_LOCAL_MACHINE\Software\TeamViewer" of x32 registry</Property>

diff --git a/Analyses/Applications - Teamviewer - Windows.bes b/Analyses/Applications - Teamviewer - Windows.bes
@@ -1,15 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Analysis>
 		<Title>Applications - Teamviewer - Windows</Title>
 		<Description>Provides information on the installation status of TeamViewer </Description>
 		<Relevance>windows of operating system</Relevance>
 		<Source>Internal</Source>
 		<SourceReleaseDate>2016-04-18</SourceReleaseDate>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Tue, 19 Apr 2016 03:21:41 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<Property Name="Teamviewer - Installed - Windows" ID="1">exists key "HKEY_LOCAL_MACHINE\Software\TeamViewer" of x32 registry</Property>
 	</Analysis>

diff --git a/Analyses/Remote Assistance - Configuration - Windows.bes b/Analyses/Remote Assistance - Configuration - Windows.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Analysis>
 		<Title>Remote Assistance - Configuration - Windows</Title>
@@ -11,31 +12,10 @@
 <LI>Users and Groups allowed to initiate offers to this computer</LI></UL>]]></Description>
 		<Relevance>windows of operating system</Relevance>
 		<Relevance>exists key "HKLM\Software\policies\Microsoft\Windows NT\Terminal Services" of registry</Relevance>
-		<MIMEField>
-			<Name>bigfixme-added-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:09 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-modification-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:09 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-keywords</Name>
-			<Value>Poor Man's Remote Control</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-ID</Name>
-			<Value>2996921</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Fri, 15 Apr 2016 00:47:06 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<Property Name="Remote Assistance - Logging - Windows" ID="1">if ((value "LoggingEnabled" of key "HKLM\Software\policies\Microsoft\Windows NT\Terminal Services" of registry as integer = 1) | false) then "Enabled" else "Disabled" | "Disabled"  </Property>
 		<Property Name="Remote Assistance - Unsolicited View - Windows" ID="2">if ((value "fAllowUnsolicited" of key "HKLM\Software\policies\Microsoft\Windows NT\Terminal Services" of registry as integer = 1) | false) then "Enabled" else "Disabled" | "Disabled"  </Property>
 		<Property Name="Remote Assistance - Unsolicited Control - Windows" ID="3">if ((value "fAllowUnsolicitedFullControl" of key "HKLM\Software\policies\Microsoft\Windows NT\Terminal Services" of registry as integer = 1) | false) then "Enabled" else "Disabled" | "Disabled"  </Property>
 		<Property Name="Remote Assistance - Allowed Helpers - Windows" ID="4">if (exists key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit" of registry) then (names of values of key "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit" of registry) else ("none")</Property>
 	</Analysis>
 </BES>
-
diff --git a/Analyses/Remote Assistance - Event Logs - Windows.bes b/Analyses/Remote Assistance - Event Logs - Windows.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Analysis>
 		<Title>Remote Assistance - Event Logs - Windows</Title>
@@ -9,13 +10,8 @@
 		<Relevance>exists event log "Microsoft-Windows-RemoteAssistance/Operational" | false</Relevance>
 		<Source>Internal</Source>
 		<SourceReleaseDate>2016-04-14</SourceReleaseDate>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Fri, 15 Apr 2016 00:45:10 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<Property Name="Remote Assistance - Outgoing Requests - Windows" ID="1">(time generated of it, name of user of user sid of it, substring before "as the command line" of substring after "with:" of description of it as string) of (records of event log "Microsoft-Windows-RemoteAssistance/Operational") whose (description of it contains "as the command line parameters" and description of it does not contain "CreateRA")</Property>
 		<Property Name="Remote Assistance - Incoming Requests - Windows" ID="2">(name of user of user sid of it, time generated of it) of (records of event log "Microsoft-Windows-RemoteAssistance/Operational") whose (description of it contains "A Remote Assistance Invitation was successfully opened.")</Property>
 	</Analysis>
 </BES>
-
diff --git a/Analyses/Remote Assistance - Session Logs - Windows.bes b/Analyses/Remote Assistance - Session Logs - Windows.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Analysis>
 		<Title>Remote Assistance - Session Logs - Windows</Title>
@@ -24,30 +25,9 @@
 <LI>Time of session end</LI></UL>]]></Description>
 		<Relevance>windows of operating system</Relevance>
 		<Relevance><![CDATA[exists (folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users"))]]></Relevance>
-		<MIMEField>
-			<Name>bigfixme-added-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:10 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-modification-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:10 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-keywords</Name>
-			<Value>Poor Man's Remote Control</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-ID</Name>
-			<Value>2996922</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Fri, 15 Apr 2016 00:49:19 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<Property Name="Remote Assistance - Incoming Connection Established - Windows" ID="3"><![CDATA[(xpath "CONNECTION_ESTABLISHED" of it as text, xpath "INCOMING_IP_ADDRESS" of it as text, node value of attribute "DATE" of xpath "CONNECTION_ESTABLISHED" of it as string, node value of attribute "TIME" of xpath "CONNECTION_ESTABLISHED" of it as string) of  xpaths "/SESSION" of xml documents whose (exists xpath "/SESSION/INVITATION_OPENED" of it) of files of folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users")]]></Property>
 		<Property Name="Remote Assistance - Incoming Control Granted - Windows" ID="4"><![CDATA[(xpath "CONNECTION_ESTABLISHED" of it as text | "none", xpath "INCOMING_IP_ADDRESS" of it as text | "none", node value of attribute "DATE" of xpath "EXPERT_CONTROL_STARTED" of it as string | "none", node value of attribute "TIME" of xpath "EXPERT_CONTROL_STARTED" of it as string | "none") of  xpaths "/SESSION" of xml documents whose (exists xpath "/SESSION/EXPERT_CONTROL_STARTED" of it and exists xpath "/SESSION/INVITATION_OPENED" of it) of files of folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users")]]></Property>
 		<Property Name="Remote Assistance - Incoming Session Times - Windows" ID="5"><![CDATA[(xpath "CONNECTION_ESTABLISHED" of it as text | "none", attribute "DATE" of xpath "CONNECTION_ESTABLISHED" of it as text | "none", attribute "TIME" of xpath "CONNECTION_ESTABLISHED" of it as text | "none", attribute "DATE" of xpath "CONNECTION_ENDED" of it as text | "none", attribute "TIME" of xpath "CONNECTION_ENDED" of it as text | "none") of  xpaths "/SESSION" of xml documents whose (exists xpath "/SESSION/INVITATION_OPENED" of it) of files of folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users")]]></Property>
 	</Analysis>
 </BES>
-
diff --git a/Analyses/Remote Assistance - Windows.bes b/Analyses/Remote Assistance - Windows.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Analysis>
 		<Title>Remote Assistance - Windows</Title>
@@ -9,13 +10,8 @@
 		<Relevance><![CDATA[version of operating system >= "6.1"]]></Relevance>
 		<Source>Internal</Source>
 		<SourceReleaseDate>2016-04-14</SourceReleaseDate>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Fri, 15 Apr 2016 00:44:58 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<Property Name="Remote Assistance - Installed" ID="1"><![CDATA[if (name of operating system as string starts with "Win2") then (exists selects "* from Win32_ServerFeature where (Name like 'Remote Assistance')" of wmi) else (if (version of operating system >= "6.1") then (true) else (false))]]></Property>
 		<Property Name="Remote Assistance - Enabled" ID="2">(value "fAllowUnsolicitedFullControl" of key "HKLM\Software\policies\Microsoft\Windows NT\Terminal Services" of registry as integer | 0) = 1</Property>
 	</Analysis>
 </BES>
-
diff --git a/Fixlets/Deploy - Remote Assistance Right Click Options - 1.0.0.0 - Windows.bes b/Fixlets/Deploy - Remote Assistance Right Click Options - 1.0.0.0 - Windows.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Fixlet>
 		<Title>Deploy - Remote Assistance Right Click Options - 1.0.0.0 - Windows</Title>
@@ -15,26 +16,6 @@
 		<SourceSeverity></SourceSeverity>
 		<CVENames></CVENames>
 		<SANSID></SANSID>
-		<MIMEField>
-			<Name>bigfixme-added-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:39 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-modification-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:39 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-keywords</Name>
-			<Value>Poor Man's Remote Control</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-ID</Name>
-			<Value>12951</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Fri, 15 Apr 2016 00:43:47 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<DefaultAction ID="Action1">
 			<Description>
@@ -54,4 +35,3 @@ regset "[HKEY_USERS\{component string of sid of security account (name of curren
 		</DefaultAction>
 	</Fixlet>
 </BES>
-
diff --git a/Fixlets/Uninstall - Remote Assistance Right Click Options - Windows.bes b/Fixlets/Uninstall - Remote Assistance Right Click Options - Windows.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Fixlet>
 		<Title>Uninstall - Remote Assistance Right Click Options - Windows</Title>
@@ -14,10 +15,6 @@
 		<SourceSeverity></SourceSeverity>
 		<CVENames></CVENames>
 		<SANSID></SANSID>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Mon, 18 Apr 2016 14:11:38 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<DefaultAction ID="Action1">
 			<Description>
@@ -34,4 +31,3 @@ wait cmd.exe /c reg delete "HKEY_CURRENT_USER\Software\BigFix\Enterprise Console
 		</DefaultAction>
 	</Fixlet>
 </BES>
-
diff --git a/Fixlets/Update - Remote Assistance Right Click Options - 1.0.0.0 - Windows.bes b/Fixlets/Update - Remote Assistance Right Click Options - 1.0.0.0 - Windows.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Fixlet>
 		<Title>Update - Remote Assistance Right Click Options - 1.0.0.0 - Windows</Title>
@@ -15,26 +16,6 @@
 		<SourceSeverity></SourceSeverity>
 		<CVENames></CVENames>
 		<SANSID></SANSID>
-		<MIMEField>
-			<Name>bigfixme-added-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:41 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-modification-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:41 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-keywords</Name>
-			<Value>Poor Man's Remote Control</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-ID</Name>
-			<Value>12952</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Fri, 15 Apr 2016 00:43:33 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<DefaultAction ID="Action1">
 			<Description>
@@ -53,4 +34,3 @@ regset "[HKEY_USERS\{component string of sid of security account (name of curren
 		</DefaultAction>
 	</Fixlet>
 </BES>
-
diff --git a/Fixlets/Warning - Control+Alt+Delete Injection may not be allowed.bes b/Fixlets/Warning - Control+Alt+Delete Injection may not be allowed.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Fixlet>
 		<Title>Warning - Control+Alt+Delete Injection may not be allowed</Title>
@@ -16,11 +17,6 @@
 		<SourceSeverity></SourceSeverity>
 		<CVENames></CVENames>
 		<SANSID></SANSID>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Mon, 18 Apr 2016 13:56:15 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 	</Fixlet>
 </BES>
-
diff --git a/Fixlets/Warning - Remote Assistance may not be installed.bes b/Fixlets/Warning - Remote Assistance may not be installed.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Fixlet>
 		<Title>Warning - Remote Assistance may not be installed</Title>
@@ -14,10 +15,6 @@
 		<SourceSeverity></SourceSeverity>
 		<CVENames></CVENames>
 		<SANSID></SANSID>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Mon, 18 Apr 2016 14:01:47 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<DefaultAction ID="Action1">
 			<Description>
@@ -31,4 +28,3 @@ wait dism.exe /online /enable-feature /featurename=RemoteAssistance</ActionScrip
 		</DefaultAction>
 	</Fixlet>
 </BES>
-
diff --git a/Fixlets/Warning - Unsolicited Remote Assistance may not be allowed.bes b/Fixlets/Warning - Unsolicited Remote Assistance may not be allowed.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Fixlet>
 		<Title>Warning - Unsolicited Remote Assistance may not be allowed</Title>
@@ -15,26 +16,6 @@
 		<SourceSeverity>Critical</SourceSeverity>
 		<CVENames></CVENames>
 		<SANSID></SANSID>
-		<MIMEField>
-			<Name>bigfixme-added-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:39 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-modification-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:39 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-keywords</Name>
-			<Value>Poor Man's Remote Control</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-ID</Name>
-			<Value>12950</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Mon, 18 Apr 2016 14:01:27 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<DefaultAction ID="Action1">
 			<Description>
@@ -46,4 +27,3 @@
 		</DefaultAction>
 	</Fixlet>
 </BES>
-
diff --git a/Fixlets/Warning - Windows Firewall may be blocking Remote Assistance.bes b/Fixlets/Warning - Windows Firewall may be blocking Remote Assistance.bes
@@ -1,4 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
 	<Fixlet>
 		<Title>Warning - Windows Firewall may be blocking Remote Assistance</Title>
@@ -13,26 +14,6 @@
 		<SourceSeverity>Critical</SourceSeverity>
 		<CVENames></CVENames>
 		<SANSID></SANSID>
-		<MIMEField>
-			<Name>bigfixme-added-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:37 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-modification-time</Name>
-			<Value>Thu, 14 Apr 2016 16:23:37 GMT</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-keywords</Name>
-			<Value>Poor Man's Remote Control</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>bigfixme-ID</Name>
-			<Value>12949</Value>
-		</MIMEField>
-		<MIMEField>
-			<Name>x-fixlet-modification-time</Name>
-			<Value>Mon, 18 Apr 2016 14:00:48 +0000</Value>
-		</MIMEField>
 		<Domain>BESC</Domain>
 		<DefaultAction ID="Action1">
 			<Description>
@@ -44,4 +25,3 @@
 		</DefaultAction>
 	</Fixlet>
 </BES>
-