Automated inventorization or scan of network to determine if AV is installed

We have a case of a few VMs that do not have AV (TrendMicro's Deep Security)
installed & this is a non-compliance.  Our VMs are monitored using Sitescope
& this tool does not have agent installed in the VMs  (unlike BMC Patrol or
CA Unicentre).

I'm afraid the inventory records (ie documentation) may not be up-to-date
& new VMs/servers may not be recorded.

The VMs run Windows (2003, 2008R2, RHES 5.x/6.x, Solaris x86) OS.


Q1:
is there an automated way to scan all 'live' IP addresses in our network to
determine if there's any VMs (leaving out appliances & devices that are
not running the above-mentioned OSes) have the AV installed & running?

Q2:
Is there a way to determine if the AV signatures (as well as patches) are
up-to-date?
sunhuxAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Lionel MMConnect With a Mentor Small Business IT ConsultantCommented:
Q1 I don't know how to do it by IP address but you can use net view, if all you system show up, or you can use IP scanners to create a list (not as automated as you would like)
FOR /F %%a IN ('NET VIEW') DO IF NOT EXIST "%%a\C$\program files\TrendMicro\ScanProgramName.exe" @ECHO %%a >> IsAVInstalled.txt
Q2 Hopefully you ahve some sort of management software that installs and monitors. I am familiar with TrendMicro's Worry Free Business Security and I use a browser to monitor and manage this so I assume the Deep Security product has something similar
Q3 Yes, there are several ways to do this, with batch scripts and/or with Group policies
Q4 Again I would refer you to the management console for this--it should have a place where you can setup alerts that will email when there is an outbreak as well as any
problems with any particular system. With my TrendMicro product I get emails about
system status, malware detections, agent software on systems not functioning, etc. etc.
Q5 Sorry I have no powershell scripts for any of the above but if any do exist you may find them here -- I use it for many powershell helps http://blogs.technet.com/b/heyscriptingguy/
0
 
sunhuxAuthor Commented:
Q3:
Is it possible that when a VM joins the domain of our network, the AV
is automatically 'push-installed'?

Q4:
Also, if an AV is not installed properly or there's an unauthorized
activity to deinstall or stop the AV service, how can we be automatically
alerted?

Q5:
Any PowerShell script (or any other script) to automate the above will be
appreciated if it's applicable
0
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
If you are using TrendMicro's Deep Security then I would expect to to see lots of VM's with no agents installed. That's the idea of using TrendMicro's Deep Security.
Deep Security Manager, once installed and configured correctly should give you all the compliance answers you ever need.
0
 
Lionel MMConnect With a Mentor Small Business IT ConsultantCommented:
0
All Courses

From novice to tech pro — start learning today.