Kaseya Community

Universal Anti-Virus check

  • virusscanner.txt
    Hello there,

    I want to know the status of an anti-virus product.
    The standard scripts in Kaseya are only limited to the virus definitions of a few virus companies.
    So I miss a lot of information. I'm trying to make a universal anti-virus check script that can report to me:



    1. What AntiVirus software is installed
    2. AntiVirus software version
    3. is it up to date
    4. on access scanner enabled?


    So I used the Windows Management Instrumentation that's supported
    in Kaseya scripting.

    So when I run the script on a random machine, it returns the following line in the agent script log.

    Agentlog:
    ------------------------------------------------
    AntiVirusProduct;"Norman ASA";"-1";"-1";"5.99"
    ------------------------------------------------

    The first one is just a value to identify the script, "AntiVirusProduct" (handy for reports).

    The second one returns the company name of the virus product, "Norman ASA".

    The third is on-access scanning enabled, "-1" (means running, 0 = not).

    The fourth is whether it is up to date, "-1" (means up to date, 0 = not).

    The fifth is the AntiVirus software version, "5.99".



    The next steps are
    1. Make WMI available on all machines;
    The known problem is that clients that have their firewall enabled cannot run this script. There must be some simple workaround to fix this.

    2. Making a report that gives you a nice overview of their status,
    like Kaseya End-Point Security.

    So the purpose of this post is to make the script work better.

    Will you help me?

    Legacy Forum Name: Universal Anti-Virus check,
    Legacy Posted By Username: MarkvanEtten
  • Is there another script for W2K Pro machines? I have had success using this one on XP Pro machines but not on W2KPro. I get a Failed Then in Step 1 message since the Security Center does not exist.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: akoop
  • Hiya,

    Just a query on this - This does not work for Vista and I have been searching for info on where this type of information is stored in Vista.

    Any ideas?

    Also, when originally building this script, how did you know what was stored in root /security centre? Is there a webpage somewhere that details the structure of WMI? I have been googling but not finding anything.

    Cheers

    Michael

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: mmartin
  • WMI-AV.txt
    Try this one
    Same idea using WMI, but the output is a bit friendlier to read.
    Scripts, vbs etc. below; I have also uploaded them as attachments (just need to rename wmi-av.vbs.txt as wmi-av.vbs).

    And works fine with Vista

    Just create a report on the script log using *WMI-Antivirus* as the description filter

    Cheers
    Paul

    Kaseya Script
    ***************************************
    Script Name: AV WMI Check
    Script Description: Check AV status via WMI

    IF True
    THEN
        Write File
            Parameter 1 : c:\wmi-av.vbs
            Parameter 2 : VSASharedFiles\wmi-av.vbs
            OS Type : 0
        Execute Shell Command
            Parameter 1 : cscript c:\wmi-av.vbs
            Parameter 2 : 1
            OS Type : 0
        Get File
            Parameter 1 : c:\av.txt
            Parameter 2 : av.txt
            Parameter 3 : 0
            OS Type : -1
        Get Variable
            Parameter 1 : 1
            Parameter 2 : c:\av.txt
            Parameter 3 : wmi-av
            OS Type : 0
        Write Script Log Entry
            Parameter 1 : WMI-Antivirus - #wmi-av#
            OS Type : 0
        Delete File
            Parameter 1 : c:\av.txt
            OS Type : 0
    ELSE
    *******************************************

    Save below as wmi-av.vbs
    *******************************************
    ' Query the local machine
    strComputer = "."

    ' Connect to the Security Center WMI namespace
    Set objWMI = GetObject( _
        "winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\SecurityCenter")

    ' One AntiVirusProduct instance per product registered with Security Center
    Set colItems = objWMI.ExecQuery("Select * from AntiVirusProduct")
    Set objFS = CreateObject("Scripting.FileSystemObject")
    Set objNewFile = objFS.CreateTextFile("c:\av.txt")
    For Each objItem In colItems
        objNewFile.WriteLine objItem.displayName & ": Enabled=" & objItem.onAccessScanningEnabled & " UpToDate=" & objItem.productUptoDate & " Version " & objItem.versionNumber
        objNewFile.WriteLine vbCrLf
    Next
    ' If no product is registered, c:\av.txt is left empty
    objNewFile.Close
    ********************************************

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: haakerp
  • wmi-av.vbs.txt
    Attachment refers to previous post.

    Legacy Forum Name: Using VB to get WMI info,
    Legacy Posted By Username: haakerp
  • Hi there,

    Good script, although it is not bulletproof - I have run it now on a good few machines and on quite a few I just get "WMI-Antivirus -" in the script log, with no information though. These are XP machines also, so not sure what is causing that.

    I have run it successfully also but quite a lot of the above.

    Just some feedback on it.

    Michael

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: mmartin
  • I get the same on a few machines, and on investigating found some had no AV installed and others had AV products I'd never heard of, which I am presuming at this stage that Microsoft also hasn't, or more realistically the AV vendor's product doesn't conform to the WMI API and the MS Security Centre therefore doesn't know they are installed.

    Paul

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: haakerp
  • The idea is OK.
    Great script, but I found a little problem for me:
    what if the target machine does not have AV installed?

    I did a little modification to the first script: the script sends me an email when the AV is not updated or has real-time scan deactivated
    (I only used an IF #variable# = 0 then send an email).
    That works fine, but when the target machine does not have an installed AV, no email is sent to me.

    I can't find any way for Kaseya to warn me about machines without AV, please help.

    BTW, also in the script, if I use the IF = TRUE, I see that the ELSE statement does not work (only THEN). Is that normal?

    thanks

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: e.sierra
  • Some systems may block VBS from running - very common on servers.
    Since Kaseya can pull WMI info directly from the Get Variable script command using the WMI Property as the type, what's wrong with that approach tried earlier by Mark?
    That would be a much cleaner way to gather this data rather than using the VBS script.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: kentschu
  • Great script. Now is there a way to ALERT on a FALSE value in the script log or the actual results TXT file?

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: Interprom
  • I was able to get the script running correctly with the log file giving results like this:
    AVG Anti-Virus Network Edition: Enabled=True UpToDate=True Version 8.0

    When I run the report though I am not getting any results. I created a new row, selected the Script Log, selected the Script, and then put in *WMI-Antivirus* as the search filter. Am I missing something?

    Thanks!

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: Coldfirex
  • Does anyone know how to configure a script to use WMI? I have checked on the forum, online help and the knowledge base and have found very little. I am hoping that someone has a script they can share that successfully uses WMI.

    Thanks in advance.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: mwolter
  • I am trying to replicate what the VBS listed earlier is doing. Just trying to figure out how to fix the formatting: the VBS script returns a "True" or "False" but the same call in Kaseya returns a "-1" or "0".

    Anyone know how to fix the formatting?
    Kaseya WMI call output
    AntiVirusProduct=Trend Micro Client-Server Security Agent AntiVirus Enabled=-1 UpToDate=-1 Version=7.6.1186


    VB script output for the same WMI calls
    WMI-Antivirus - Trend Micro Client-Server Security Agent AntiVirus: Enabled=True UpToDate=True Version 7.6.1186


    Any help on formatting? Trying to get this working due to server not liking VBS files etc.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: azimzores
  • FYI to anyone looking at this, this does not work on Server platforms due to no security center option for WMI.

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: azimzores
  • Anyone get the alerting part working, if it comes up false?

    Legacy Forum Name: General Discussion,
    Legacy Posted By Username: scootrz32
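
Added example (not posted by anyone in this thread, and not Kaseya's own code): a Python sketch for the formatting and alerting questions above. It normalizes the three output layouts quoted in the thread (semicolon-separated, Kaseya WMI call, and VBScript) to one record, maps "-1"/"0" and "True"/"False" to booleans, and treats an empty "WMI-Antivirus -" entry as a machine with no registered antivirus. The function names `parse_av_line` and `alert_reason` are hypothetical, and it assumes the script log entries have been exported as plain text lines.

```python
import csv
import re

# Kaseya's WMI Get Variable logs booleans as "-1"/"0"; the VBScript logs
# "True"/"False". Map both spellings onto Python booleans.
_BOOL = {"-1": True, "true": True, "0": False, "false": False}

# Matches 'Name: Enabled=True UpToDate=True Version 8.0' (VBScript output,
# with or without the 'WMI-Antivirus - ' log prefix) and
# 'AntiVirusProduct=Name Enabled=-1 UpToDate=-1 Version=7.6' (Kaseya WMI call).
_KV = re.compile(
    r"^(?:WMI-Antivirus\s*-\s*|AntiVirusProduct=)?(?P<name>.+?):?\s+"
    r"Enabled=(?P<en>\S+)\s+UpToDate=(?P<up>\S+)\s+Version[= ](?P<ver>\S+)$"
)


def parse_av_line(line):
    """Parse one log line; return None when it reports no product."""
    line = line.strip()
    if line.startswith("AntiVirusProduct;"):
        # First post's layout: tag;"company";"on-access";"up to date";"version"
        fields = next(csv.reader([line], delimiter=";"))
        if len(fields) != 5:
            return None
        name, en, up, ver = fields[1:]
    else:
        m = _KV.match(line)
        if m is None:
            return None  # e.g. the bare "WMI-Antivirus -" entry
        name, en, up, ver = m.group("name", "en", "up", "ver")
    return {"product": name, "version": ver,
            "enabled": _BOOL.get(en.lower()),
            "up_to_date": _BOOL.get(up.lower())}


def alert_reason(line):
    """Return why the machine needs attention, or None if it looks healthy."""
    rec = parse_av_line(line)
    if rec is None:
        return "no antivirus product reported"
    if rec["enabled"] is not True:  # False or an unrecognised value
        return "on-access scanning not enabled"
    if rec["up_to_date"] is not True:
        return "definitions not up to date"
    return None
```

A non-None result from `alert_reason` is the condition to alert on; it covers both a False/0 value and the missing-product case that a plain `= 0` comparison never sees.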