Kaseya Community

Trend Micro Monitoring

  • This is a question that was not answered acceptably in the Kaseya training.

    The majority of our MSP customers have Trend Micro Client Server Messaging suite in varying flavors and versions. Updates to those products are handled by the hourly update process done by the Trend Micro management console.

    As I understand it using the sample scripts I can collect the installed version, pattern version, and scan engine version. This is great and well, but in actual practice does me no good at all.

    The unacceptable answer provided in the class was to have Kaseya perform the updates to the Trend Micro software pushing the updates from our facility to the customers. This makes no sense at all in practice when the built in update capability works so well.

    I need a way to monitor the update level of all clients and alert the administrator of clients that are out of compliance. I do not see a way to do this.

    Edit: I do see how to collect the data, but how can I use that data to any purpose? I need to be able to run a report or get an alert stating these computers do not have the current version, definition, or pattern so we can know to do something about it. All I do currently is run a report listing the computer and the various versions and then manually scan it for exceptions.

    How are other partners in practice handling Trend Micro Officescan and Scanmail updates aspart of the MSP offering?



    Legacy Forum Name: Trend Micro Monitoring,
    Legacy Posted By Username: trebligb2
  • From: trebligb2
    This is a great start I will see what we can do.

    What we need is the ability to alert on clients that are say... more than4 days out of date. Trend reports in the registry the pattern version, engine version, program version, and pattern date. The sample officescan script collects the pattern and engine versions. I modified it to grab the pattern date and program versionas well.

    What I would like to do is two-fold:

    1. Run a report showing each client and each piece of data collected. I kind of have this working but it reports too much information. Each time the script runs it collects additional data and records it. The report then has a bunch of entries for each computer that show the entire update history. Is it possible to either A: have the script overwrite the existing entry or B: have the report only show the last of each entry type in the log?

    2. Have a script running that generates an alert if the PatternDate entry is more than4 days older than the current date.



    Officescan will generate an event if the pattern is more than X days out of date, but thisevent will not fire if the officescan services are not running so I do not trust that as a real measure of if officescan is working or not. A user could have disabled the officescan services and Kaseya would never see an event stating the pattern version is out of date and alert on it.


    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: sourceminer
  • Ok so first you need to run a Logs report with the Name of the script.
    Second you need to add a description filter in the report to only show data with the following info.

    If you dont I think what you are getting is Success THEN, Script was scheduled at time bla bla bla... You can filter the report to only show the data your looking for (knowing it is always going to be the same). As and example if the description you want to filter is (example) Your Current Defs Date is: 12/12/05
    Your description filter in the report would be *your current defs date*

    This will omit all the other descriptions that would show up with the run of that script.
    Does that make sense?

    2 Would require a little more scripting options, I will look into is. I think there is a Check File Date. So with that we may need a function that allows you to say if that date is 3 days or older send email.


    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: sourceminer
  • Ok, I have the report down. My problem was the report wasset up to show the last day of information but actually reporting on all data. I rebuilt the report and it is doing the correct time frame now.

    Is it possible to have the scheduled report send an excel file rather than the html file? This would save the tech a bunch of time since they could do sorting.

    For alerting I am going to use the Trend alert for out of date patterns with a weekly manual check of the report to back that up.



    Thanks for the help!


    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: trebligb2
  • script.zip
    Great. I have built a script that uses the Get Modified Date function and test the def file and executes another script. Then the second script in the if step uses that variable against a static date entry and sends an email if the date is off...

    The Function to allow adding/subtracting time on the Check VAriablle command is going to be added or is on the feature list. Hopfully soon. This will allow you to say if the date is more that X days old do something...


    The Script Example is attached.


    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: sourceminer
  • sourceminer wrote:
    "Officescan will generate an event if the pattern is more than X days out of date, but thisevent will not fire if the officescan services are not running so I do not trust that as a real measure of if officescan is working or not."

    Is there a way to "test" see if a service is running?, take action if stopped,alert if it can't restart it? I just had an OfficeScan service on the server not running for some strange reason.



    -Don




    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: PITG
  • I think in 4.6 Kaseya can query service state

    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: trebligb2
  • This is the first time I've seen this message thread. I too use Trend Micro's Client/Server/Messaging Suite. This is my perferred AV product. I'm currently running the Trend Micro script to report engine and pattern file versions and running a daily report (one day only) and manually reviewing it for clients that are not updating. However, I was a programmer in a past life and I've been learning Visual Basic scripting. I was planning on writing a .vbs script to pull the current pattern file via web page and compare it to the information reported back from the client. I was also looking to verify all Trend Micro services were running in this script. It's been on my plate for a while now I've just been too busy with implementing Kaseya and now ConnectWise within our firm. I'll post it here when I get it done, if there's any interest.

    Matt



    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: connectex
  • Definitely interested.

    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: jauerbach01
  • I am extremely interested! We have hundreds of installs of Trend's CSMS and with no ability to get notified if they are out of date. We have to manually run the report and scan for older versions.

    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: TomKraus
  • Because of this thread and some time from the holiday weekend.

    I've written two .vbs scripts. The first one retrieves the pattern and engine versions from Trend Micro's web site and writes them to a text file. I'm using this file to have this information available on the local network and avoid extra Internet accesses. The second one reads the file from the first script and compares the pattern and engine versions with those stored in the registry. It then checks to make sure all Trend Micro AV services are running and set for automatic start. It writes an event log entry if anything is wrong. I'm in testing now. However, I only support Windows 2000/XP/2003 on my clients so my testing base isn't very wide. I'll let you know more as I get it all tested.

    Does this sound like a better approach to this issue?

    Matt


    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: connectex
  • I've been able to test my new scripts on a few of my clients. I'd like a couple other people to try them out. Any takers?

    Matt


    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: connectex
  • Why do I always get duplicate postings. :shock:

    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: PITG
  • Here Ye, Here Ye!!!

    We have tons on Trend platforms. Which ones are the scripts for?



    on@preferreditgroup.com]Don@preferreditgroup.com


    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: PITG
  • I would be happy (no more than happy) to test the Trend scripts that you've developed.

    Legacy Forum Name: Anti-Virus Scripts,
    Legacy Posted By Username: TomKraus