Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Automated inventorization or scan of network to determine if AV is installed

Posted on 2014-04-25
4
Medium Priority
?
597 Views
Last Modified: 2014-04-27
We have a case of a few VMs that do not have AV (TrendMicro's Deep Security)
installed & this is a non-compliance.  Our VMs are monitored using Sitescope
& this tool does not have agent installed in the VMs  (unlike BMC Patrol or
CA Unicentre).

I'm afraid the inventory records (ie documentation) may not be up-to-date
& new VMs/servers may not be recorded.

The VMs run Windows (2003, 2008R2, RHES 5.x/6.x, Solaris x86) OS.


Q1:
is there an automated way to scan all 'live' IP addresses in our network to
determine if there's any VMs (leaving out appliances & devices that are
not running the above-mentioned OSes) have the AV installed & running?

Q2:
Is there a way to determine if the AV signatures (as well as patches) are
up-to-date?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:sunhux
ID: 40021998
Q3:
Is it possible that when a VM joins the domain of our network, the AV
is automatically 'push-installed'?

Q4:
Also, if an AV is not installed properly or there's an unauthorized
activity to deinstall or stop the AV service, how can we be automatically
alerted?

Q5:
Any PowerShell script (or any other script) to automate the above will be
appreciated if it's applicable
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 668 total points
ID: 40022002
If you are using TrendMicro's Deep Security then I would expect to to see lots of VM's with no agents installed. That's the idea of using TrendMicro's Deep Security.
Deep Security Manager, once installed and configured correctly should give you all the compliance answers you ever need.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 1332 total points
ID: 40024449
Q1 I don't know how to do it by IP address but you can use net view, if all you system show up, or you can use IP scanners to create a list (not as automated as you would like)
FOR /F %%a IN ('NET VIEW') DO IF NOT EXIST "%%a\C$\program files\TrendMicro\ScanProgramName.exe" @ECHO %%a >> IsAVInstalled.txt
Q2 Hopefully you ahve some sort of management software that installs and monitors. I am familiar with TrendMicro's Worry Free Business Security and I use a browser to monitor and manage this so I assume the Deep Security product has something similar
Q3 Yes, there are several ways to do this, with batch scripts and/or with Group policies
Q4 Again I would refer you to the management console for this--it should have a place where you can setup alerts that will email when there is an outbreak as well as any
problems with any particular system. With my TrendMicro product I get emails about
system status, malware detections, agent software on systems not functioning, etc. etc.
Q5 Sorry I have no powershell scripts for any of the above but if any do exist you may find them here -- I use it for many powershell helps http://blogs.technet.com/b/heyscriptingguy/
0
 
LVL 25

Assisted Solution

by:Lionel MM
Lionel MM earned 1332 total points
ID: 40024489
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question