Carbon Black Cloud: How to Retrieve Product Code from Windows MSI Using Powershell
book
Article ID: 289931
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Explain how to get the version-specific Product Code/GUID of a Microsoft Installer (MSI) file using Powershell
Environment
- Carbon Black Cloud Sensor: All Versions
- Microsoft Windows: All Supported Versions
Resolution
By Path and Filename (single MSI)
- Launch Powershell.exe
- Locate desired MSI on device
- Use Get-AppLockerFileInformation to retrieve desired information
Get-AppLockerFileInformation -Path '<Path_To_MSI>\<installerName>.msi' | select -ExpandProperty Publisher | select ProductName,BinaryVersion,BinaryName
- Product Code/GUID shows as BinaryName
By Directory (multiple MSIs)
- Launch Powershell.exe
- Locate desired MSI on device
- Use Get-AppLockerFileInformation to retrieve desired information
Get-AppLockerFileInformation -Directory '<Path_To_Folder_With_MSIs>' -FileType WindowsInstaller -Recurse | select -ExpandProperty Publisher | select ProductName,BinaryVersion,BinaryName
- Product Code/GUID shows as BinaryName
Additional Information
- Product Code/GUID is specific to build version and type of installer (32-bit v 64-bit)
- Examples
- Single 3.7.0.1253 MSI located in C:\Users\TestUser\Desktop
PS C:\Windows\system32> Get-AppLockerFileInformation -Path 'C:\Users\TestUser\Desktop\installer-3.7.0.1253-cbd-64.msi' | select -ExpandProperty Publisher | select ProductName,BinaryVersion,BinaryName
- Multiple MSI files located in C:\Users\TestUser\Desktop
PS C:\Windows\system32> Get-AppLockerFileInformation -Directory "C:\Users\TestUser\Desktop" -FileType WindowsInstaller -Recurse | select -ExpandProperty Publisher | select ProductName,BinaryVersion,BinaryName
Feedback
thumb_up
Yes
thumb_down
No