Purpose

This document provides information about how Protect's detection logic uses many variables to be able to scan all possible locations and should be able to pick up on changes to a system's Windows directory or other main directories.

Description

To help ensure that detection of all necessary files takes place, Protect uses variables to find items within many of the system directories such as Windows or Program Files. Some of them should always be recognized by Windows, and a few of the variables used in Protect's detection logic are just set within the logic.

When viewing patch information for a patch within Protect, you may see some of these variables listed in the 'File Location' column.

Example using the Windows Directory:

The location of C:\Windows is %windir% - specifically it's set from the reg key Key="SOFTWARE\Microsoft\Windows NT\CurrentVersion" Value="SystemRoot". Protect will use a few different variations to locate the proper Windows directory on a target system.

If someone changes the location of their windows directory Protect should automatically pick up on it based on the use of the %windir% variable. So, as long as the %windir% variable was working correctly Protect's detection logic should work as well for anything in the Windows directory, even if it was changed. The same applies in the case of Program Files and possibly a couple other system recognized variables.

List of some common variables used:

%windir%

%windir%

%windirsystem64%

%ProgramFiles%

%programfilesx64%

%CommonProgramFiles%

%commonprogramfilesx64%

Variables only used by Protect Detection Logic

For many applications, Shavlik's content team defines variables to use common paths. One example is the variable used for Chrome detection - %chromepath%. This variable is not recognized by Windows without being defined - it is only for use within Protect's detection logic to locate a Google Chrome installation.

Affected Product(s)

Shavlik Protect, All Versions