Open-AudIT


All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 8 posts ] 
 Post subject: antivirus
Posted: Thu Aug 17, 2006 5:16 am
Newbie

Joined: Mon Feb 21, 2005 12:41 am
Posts: 25
Hi,

On the home page I get a list of 181 machines of 251 which are listed in XP SP2 without up to date AntiVirus.

When going down into that list and clicking on the security of a specific machine, it says that the virus scanner is installed (McAfee).

Am I missing the point?

Best regards,


Rudi.


 Post subject:
Posted: Thu Aug 17, 2006 6:40 am
Do you have the security service running? If not, I don't think the AV will show up there. The only thing that checks is the WMI info about the security service.


 Post subject:
Posted: Thu Aug 17, 2006 9:31 am
Newbie

Joined: Mon Feb 21, 2005 12:41 am
Posts: 25
Hi,

I can see the point about the security service. It is, however, not necessary to run in our configuration.

Since it can be clicked away at the configuration, I've chosen to do that.

It seems to be quite useful when you have users that have administrative rights.


Cheers,


Rudi


 Post subject:
Posted: Thu Aug 17, 2006 6:57 pm
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
We had McAfee too. I had extended my audit.vbs with some Reg-Keys. After the scan, the analysis (Pattern and Engine) can be done in the Software-View.


[code]
wscript.echo "Custom Software"

' This fragment uses oReg, HKEY_LOCAL_MACHINE, OSInstall and entry from the surrounding audit.vbs.
' Add McAfee Pattern-Version to the Software Register
strKeyPath = "SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion"
strValueName = "szVirDefVer"
display_name = "McAfee Virus-Definition-Version"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,McAfeeVirDef_Version
form_input = "software^^^" & display_name & "^^^" _
& McAfeeVirDef_Version & "^^^" _
& "" & "^^^" _
& "" & "^^^" _
& OSInstall & "^^^" _
& "McAfee^^^^^^^^^^^^^^^^^^" _
& "" & "^^^" _
& "" & "^^^" _
& "" & "^^^ "
entry form_input,comment,objTextFile,oAdd,oComment
form_input = ""


' Add McAfee Scan-Engine-Version to the Software Register
strKeyPath = "SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion"
strValueName = "szEngineVer"
display_name = "McAfee Scan-Engine-Version"
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,McAfeeEngine_Version
form_input = "software^^^" & display_name & "^^^" _
& McAfeeEngine_Version & "^^^" _
& "" & "^^^" _
& "" & "^^^" _
& OSInstall & "^^^" _
& "McAfee^^^^^^^^^^^^^^^^^^" _
& "" & "^^^" _
& "" & "^^^" _
& "" & "^^^ "
entry form_input,comment,objTextFile,oAdd,oComment
form_input = ""
[/code]


 Post subject:
Posted: Thu Aug 17, 2006 7:41 pm
Newbie

Joined: Mon Feb 21, 2005 12:41 am
Posts: 25
Hi Matze,

Thanks for the input, however it seems like this information is already in?

I did not see any change in result when I included the code in the audit.vbs.

I saw the McAfee software popping up in the installed software before.

Best regards,


Rudi.


 Post subject:
Posted: Thu Aug 17, 2006 8:40 pm
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
Please add this code at line 1822 in audit.vbs, after other software is detected.

I will talk to the other developers about adding the code.


 Post subject:
Posted: Thu Aug 17, 2006 11:40 pm
The code Matze wrote, as far as I can tell, won't add it to the antivirus listing. It will log the scan engine and virus def dates (for McAfee Enterprise).


 Post subject:
Posted: Fri Aug 18, 2006 2:10 am
Moderator

Joined: Sun Aug 06, 2006 1:13 am
Posts: 362
Location: Germany
> won't add it to the antivirus listing.

You mean the XP-Virus function?

The result of my code appears only in the Software-View and the Security-View (because the Security-View lists all Software with *Virus*).


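The two data sources discussed in this thread, side by side, as an added example that is not part of the thread or of audit.vbs: the Security Center WMI information that the second post says the antivirus check relies on, and the McAfee registry values from Matze's snippet. It assumes the XP SP2 namespace root\SecurityCenter with its AntiVirusProduct class and the local machine as target; the helper names SecurityCenterStatus and McAfeeValue are hypothetical.

```vbscript
' Added example (not from audit.vbs): compare Security Center's view of the
' antivirus with the McAfee registry values quoted in this thread.
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
' Registry path taken from the snippet posted in this thread.
Const MCAFEE_KEY = "SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion"

Dim strComputer
strComputer = "."   ' assumption: query the local machine

WScript.Echo "Security Center : " & SecurityCenterStatus(strComputer)
WScript.Echo "McAfee DAT      : " & McAfeeValue(strComputer, "szVirDefVer")
WScript.Echo "McAfee engine   : " & McAfeeValue(strComputer, "szEngineVer")

' Hypothetical helper: one entry per registered AntiVirusProduct, or the
' reason none could be read (service stopped, namespace missing, no product).
Function SecurityCenterStatus(host)
    Dim objWMI, colItems, objItem, total, result
    On Error Resume Next
    Set objWMI = GetObject("winmgmts:\\" & host & "\root\SecurityCenter")
    If Err.Number = 0 Then
        Set colItems = objWMI.ExecQuery("SELECT * FROM AntiVirusProduct")
        total = colItems.Count   ' forces the query to run so errors surface here
    End If
    If Err.Number <> 0 Then
        SecurityCenterStatus = "not readable (error 0x" & Hex(Err.Number) & ")"
        Exit Function
    End If
    On Error GoTo 0
    result = ""
    For Each objItem In colItems
        result = result & objItem.displayName & " [upToDate=" & _
                 objItem.productUptoDate & "] "
    Next
    If total = 0 Then result = "no antivirus product registered"
    SecurityCenterStatus = result
End Function

' Hypothetical helper: read one string value under MCAFEE_KEY via StdRegProv.
Function McAfeeValue(host, valueName)
    Dim oReg, value
    Set oReg = GetObject("winmgmts:\\" & host & "\root\default:StdRegProv")
    oReg.GetStringValue HKEY_LOCAL_MACHINE, MCAFEE_KEY, valueName, value
    If IsNull(value) Then value = "value not present"
    McAfeeValue = value
End Function
```

A machine where the registry lines show versions but the Security Center line shows no product or an error is one where the software is installed yet not visible to a check based on Security Center. On Vista SP1 and later the equivalent class lives in root\SecurityCenter2 and reports a productState value instead of productUptoDate.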