Using smart groups to target computers to update PKG

Out of curiosity, why are you using the criteria 

Package Installed By Jamf → is not → YourPackageName.pkg

The other 2 should suffice for targeting. Also version matching is sometimes tricky (see> Google Chrome).  You may need to use regex to get your version matching to work properly.  If this isn’t an agent that updates frequently, you may just target all workstations based on version not equal to whatever this new version is.

Package Installed By Jamf → is not → YourPackageName.pkg

The three criteria were in a co pilot answer when scratching my head and trying to find the right solution. 

Snow does not appear as an app on Jamf, so we are unable to use application title or version. I had just scaled it down to state “Package Installed By Jamf → is not → YourPackageName.pkg”
 and it picks up three machines that I know have not got the latest Ver installed. Then the policy did not kick in, which lead me to think that the policy is not set up correctly.

In the policy I am using a custom Trigger with ongoing and “snowinventoryagent” in the custom event field. The package ( which we created in settings > packages ) and then in maintenance set it to update inventory

All of which is still not working. when looking at the logs on the policy I can see the three machines but they are all sat on pending ( have been for three days now )

Cheers
 

Ahhh… interesting. OK, then you’ll get rid of the first two criteria and only track by the package receipt (Package installed by JAMF). Because of this, you could control the name of the .pkg/receipt and use that to determine your version and upgrade need.

Personally, I would prefer a method that actively checked the installed agent version, but I’m unfamiliar with that agent and don’t have a recommendation on it. 

When I run into security agents that don't allow for native jamf reporting, I've found that a scripted EA can generally get the info I’m after.  Crowdstrike is a good example.  The data is there, however to get it you need to interact with the agent. The code may be off, we’ve not used Crowdstrike in a few years, but it used to be something like this:

verCheck=$(/Library/CS/falconctl stats | awk '/version/ {print $2}')

That being said - can you find where the snowagent installs and just try something like a -version against it? And then create your smart groups based on the data from the EA?

Also - when all else fails, ask the vendor how they expect you to track it.

going along with what ​@Chris_Hafner said, if its in the applications folder, you can do “Application title Is xxxx” or you can do an extension attribute with a script...something like (off the top of my head so excuse typos). I always like to add the default value of unknown in case there are any errors. that way I know it at least ran.

exists="Unknown"
if [[ -e /Applications/appName.app ]]; then
    exists="True"
else
    exists="False"
fi
echo "<result>$exists</result>"

After this, you can scope to the EA value in a smart group.

You can also make an EA that detects the version. It’s usually in appName.app/Contents/Info.plist CFBundleShortVersionString

​@easyedc You can limit the output of falconctl stats to specific sections, and if you’re just looking for the section with the version info it’d be falconctl stats agent_info