Kaseya Community

Monitoring Anti Virus

  • Hi all,

    Me again - Ok I have another question which most of you will have an answer for I imagine.

    We use Symantec AV and I want to do a report each month to say all your AV is up to date. Now I know I can run a script that will check the definition file and write it to the logs, but the report I can generate from that is crap. It just shows the machine names and then a list of definition dates.

    How are people reporting this information - I would like it to say PCX.machine group - Av status = Up to date. or something like that, maybe not exactly in English like this is. I don't want a whole report dedicated to definition dates and other useless information that the MD's could not care less about.
    So maybe something like the patch management report.

    Any ideas?

    Thanks

    Michael

    Legacy Forum Name: Monitoring Anti Virus,
    Legacy Posted By Username: mmartin
  • I could use something like this also... Except I run Trend's SMB product on our client's network...

    It would be a nice report that I could hand out to the practice administrators to justify my existence...

    Legacy Forum Name: How-To,
    Legacy Posted By Username: GrantB
  • Hi,

    I have created vbs scripts to check for definition date in registry, make diff between current date and AV definition date, if diff is more than 5 days it triggers alarm (can be adjusted, etc.).

    Supported for now GroupShield and Forefront. Will upload scripts/event sets in day or two, they need some fine tuning.

    Not perfect solution, but will do for now.

    And regarding report, I just add alarm counting to report...

    Rudi

    Legacy Forum Name: How-To,
    Legacy Posted By Username: rudi
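
Added example, not part of any post in this thread: the age check Rudi describes (alarm when definitions are more than 5 days old) turned into the one-line-per-machine status Michael asked for. The `machine|YYYY-MM-DD` log format and the machine names are constructed for the example; a missing, unparseable or future-dated value is reported as Unknown rather than counted as up to date.

```python
from datetime import date, datetime

MAX_AGE_DAYS = 5  # threshold from the post above; adjust per policy

# Constructed sample input (assumed format): "<machine.group>|<definition date>"
SAMPLE_LOG = """\
pc01.acme.office|2009-03-14
pc02.acme.office|2009-03-02
srv01.acme.servers|
pc03.acme.office|14/03/2009
pc04.acme.office|2009-04-01
"""

def classify(def_date_text, today, max_age=MAX_AGE_DAYS):
    """Return (status, age_in_days or None) for one reported definition date."""
    try:
        defs = datetime.strptime(def_date_text.strip(), "%Y-%m-%d").date()
    except ValueError:
        # Empty or unparseable value: never report this machine as healthy.
        return "Unknown", None
    age = (today - defs).days
    if age < 0:
        # A definition date in the future means a wrong clock or bad data.
        return "Unknown", None
    return ("Up to date" if age <= max_age else "Out of date"), age

def build_report(log_text, today):
    """Turn raw log lines into per-machine status lines plus summary counts."""
    lines = []
    counts = {"Up to date": 0, "Out of date": 0, "Unknown": 0}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        machine, _, value = raw.partition("|")
        status, _age = classify(value, today)
        counts[status] += 1
        lines.append(f"{machine.strip()} - AV status = {status}")
    return lines, counts

if __name__ == "__main__":
    report, summary = build_report(SAMPLE_LOG, today=date(2009, 3, 16))
    print("\n".join(report))
    print(summary)
```
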
  • I have done the same as Rudi; however, the only AV product I can't get this information for is CA eTrust. Does anyone know how to get the latest signature update date for this product?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: linda
  • Hi Linda,

    Any chance I can get my hands on your Symantec scripts? Not good with VBS or the likes.

    Would appreciate it.

    Michael

    Legacy Forum Name: How-To,
    Legacy Posted By Username: mmartin
  • Hi there,
    I am sure someone must have a solution to this. My question is:

    I want to show current antivirus DAT version and last update DATE in Executive Summary Report.

    I wrote a kaseya script which gets current registry values for DAT version and DATE last updated. Script can successfully upload values to the K-Server.

    In Executive Summary Report under ‘change rows’ section I have added a new row where I am calling above script.

    While generating the report it shows the number ‘1’ in the specified field rather than the original value collected from the system registry.

    Any idea where I am wrong, and can anybody correct me here?

    Thanks in advance.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: aidrees
  • aidrees

    'Each row lists the number of occurrences of each filtered log item in the last N days'.

    It only counts, you can't get results of script into row/executive report.

    For serious reporting, Kaseya integrated reporting is just not enough, IMHO.

    Rudi, NP

    Legacy Forum Name: How-To,
    Legacy Posted By Username: rudi
  • I am also interested in this. Any examples would be appreciated.

    Thanks.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: GDRBrian
  • Hi,

    Does anyone have a sample script for checking Forefront AV definitions being up to date?

    Thanks,

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Maclean
  • I'm porting my Trend AV Check program to C++ now. The new version will be 2.0. The key point here is the main code base should be able to be used with any anti-virus solution. So you may want to check the Trend AV monitoring postings, as I will notify there on the release of 2.0. This is not a free program but the costs are quite cheap. Here's an overview of what it does:

    1. Confirms a supported anti-virus product is installed.
    2. Checks the services for the installed product are correctly configured. This includes the service(s) are present, set for correct startup, and correct current state.
    3. Check that the latest update (pattern/definition) is installed on the system.

    Note: All events (out of date, missing service, etc.) are sent to the application event log.

    I've supported several Trend Micro products and versions with the Trend AV Check program. Once I get the Trend Micro version done, Symantec will probably be next. Yes, there is a better way to monitor your anti-virus. Plus this way doesn't actually depend on their consoles or your running ugly or useless reports.

    Matt

    Legacy Forum Name: How-To,
    Legacy Posted By Username: connectex
  • We are fully Symantec users, and all my clients also, so this is very important to me, and it is surprising that Kaseya has not got much in the fold re Symantec support and monitoring, etc. Any help and scripts will be greatly appreciated as I am not a script man, but I am willing to test and report back to anyone who will allow this help to solve some issues. Anyone wanting to help me, I am a good listener and am sure I can assist somewhere. After all, we are supposed to be all together making this product work for each of us; there is no reason to not share, IMO.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: massador
  • I see some talk of some great Trend Micro and other A/V monitoring but I don't see the scripts or information. Anyone able to share any success and how-to information?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: MarkL
  • Could someone please share their scripts for monitoring Trend?
    3rd party AV monitoring is really the only thing that is missing from Kaseya.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: ETG
  • CA script,

    Here is part of the CA script we use to check the sigs

    IF True
    THEN
        Get Variable
            Parameter 1 : 10
            Parameter 2 :
            Parameter 3 : agenttemp
            OS Type : 0
        Write File
            Parameter 1 : #agenttemp#\SigCheck.exe
            Parameter 2 : VSASharedFiles\3-Maintenance\SigCheck.exe
            OS Type : 0
        Execute Shell Command
            Parameter 1 : #agenttemp#\SigCheck.exe vet >> #agenttemp#\sigCheckLog.txt
            Parameter 2 : 1
            OS Type : 0
        Write File
            Parameter 1 : #agenttemp#\last4chars.vbs
            Parameter 2 : VSASharedFiles\3-Maintenance\Last4Chars.vbs
            OS Type : 0
        Execute File
            Parameter 1 : "%windir%\system32\cscript.exe"
            Parameter 2 : //b #agenttemp#\last4chars.vbs #agenttemp#\sigCheckLog.txt #agenttemp#\sigCheckLog1.txt
            Parameter 3 : 3
            OS Type : 1
        Get Variable
            Parameter 1 : 1
            Parameter 2 : #agenttemp#\sigCheckLog1.txt
            Parameter 3 : signatureVersion
            OS Type : 0
        Write Script Log Entry
            Parameter 1 : The current version of eTrust signature versions is #signatureVersion#
            OS Type : 0
        Execute Script
            Parameter 1 : CA Signature Latest Version Check (NOTE: Script reference is NOT imported. Correct manually in script editor.
            Parameter 2 :
            Parameter 3 : 0
            OS Type : 0
    ELSE



    This is the last4char.vbs

    ' Usage: cscript //b Last4Chars.vbs <fileFrom> <fileTo>
    Set objArgs = WScript.Arguments
    If WScript.Arguments.Count <> 2 Then
        MsgBox "USAGE: {c|w}script Last4Chars.vbs <fileFrom> <fileTo>"
        WScript.Quit
    End If

    fileFrom = WScript.Arguments(0)
    fileTo = WScript.Arguments(1)

    Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' Read the whole input file and split it into lines.
    arrFiles = Split(objFSO.OpenTextFile(fileFrom).ReadAll, vbNewLine)
    ' Create the output file, overwriting any existing copy.
    Dim objOutputFile : Set objOutputFile = objFSO.CreateTextFile(fileTo, True)

    Set WshShell = WScript.CreateObject("WScript.Shell")

    For Each strLine In arrFiles

        ' Ignore blank lines and those shorter than 4 characters.
        If Len(strLine) > 3 Then

            ' Keep only the last 4 characters of the line.
            objOutputFile.WriteLine(Right(strLine, 4))

        End If

    Next

    objOutputFile.Close

    Set objFSO = Nothing



    The sigcheck.exe is a file in the CA directory.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Joshua Lehman
  • We use WFRM for Trend to leverage
    reporting from all of the disparate consoles.

    One thing I'd like to have/see is a script or tool
    that can notify of issues on remote clients that
    do not report to the console.

    Anyone have scripts like that?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: corpitsol