Solved

Automated inventorization or scan of network to determine if AV is installed

Posted on 2014-04-25
4
594 Views
Last Modified: 2014-04-27
We have a case of a few VMs that do not have AV (TrendMicro's Deep Security)
installed & this is a non-compliance.  Our VMs are monitored using Sitescope
& this tool does not have agent installed in the VMs  (unlike BMC Patrol or
CA Unicentre).

I'm afraid the inventory records (ie documentation) may not be up-to-date
& new VMs/servers may not be recorded.

The VMs run Windows (2003, 2008R2, RHES 5.x/6.x, Solaris x86) OS.


Q1:
is there an automated way to scan all 'live' IP addresses in our network to
determine if there's any VMs (leaving out appliances & devices that are
not running the above-mentioned OSes) have the AV installed & running?

Q2:
Is there a way to determine if the AV signatures (as well as patches) are
up-to-date?
0
Comment
Question by:sunhux
  • 2
4 Comments
 

Author Comment

by:sunhux
ID: 40021998
Q3:
Is it possible that when a VM joins the domain of our network, the AV
is automatically 'push-installed'?

Q4:
Also, if an AV is not installed properly or there's an unauthorized
activity to deinstall or stop the AV service, how can we be automatically
alerted?

Q5:
Any PowerShell script (or any other script) to automate the above will be
appreciated if it's applicable
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 167 total points
ID: 40022002
If you are using TrendMicro's Deep Security then I would expect to to see lots of VM's with no agents installed. That's the idea of using TrendMicro's Deep Security.
Deep Security Manager, once installed and configured correctly should give you all the compliance answers you ever need.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 333 total points
ID: 40024449
Q1 I don't know how to do it by IP address but you can use net view, if all you system show up, or you can use IP scanners to create a list (not as automated as you would like)
FOR /F %%a IN ('NET VIEW') DO IF NOT EXIST "%%a\C$\program files\TrendMicro\ScanProgramName.exe" @ECHO %%a >> IsAVInstalled.txt
Q2 Hopefully you ahve some sort of management software that installs and monitors. I am familiar with TrendMicro's Worry Free Business Security and I use a browser to monitor and manage this so I assume the Deep Security product has something similar
Q3 Yes, there are several ways to do this, with batch scripts and/or with Group policies
Q4 Again I would refer you to the management console for this--it should have a place where you can setup alerts that will email when there is an outbreak as well as any
problems with any particular system. With my TrendMicro product I get emails about
system status, malware detections, agent software on systems not functioning, etc. etc.
Q5 Sorry I have no powershell scripts for any of the above but if any do exist you may find them here -- I use it for many powershell helps http://blogs.technet.com/b/heyscriptingguy/
0
 
LVL 25

Assisted Solution

by:Lionel MM
Lionel MM earned 333 total points
ID: 40024489
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Is your computer hacked? learn how to detect and delete malware in your PC
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question