Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Automated inventorization or scan of network to determine if AV is installed

Posted on 2014-04-25
4
Medium Priority
?
599 Views
Last Modified: 2014-04-27
We have a case of a few VMs that do not have AV (TrendMicro's Deep Security)
installed & this is a non-compliance.  Our VMs are monitored using Sitescope
& this tool does not have agent installed in the VMs  (unlike BMC Patrol or
CA Unicentre).

I'm afraid the inventory records (ie documentation) may not be up-to-date
& new VMs/servers may not be recorded.

The VMs run Windows (2003, 2008R2, RHES 5.x/6.x, Solaris x86) OS.


Q1:
is there an automated way to scan all 'live' IP addresses in our network to
determine if there's any VMs (leaving out appliances & devices that are
not running the above-mentioned OSes) have the AV installed & running?

Q2:
Is there a way to determine if the AV signatures (as well as patches) are
up-to-date?
0
Comment
Question by:sunhux
  • 2
4 Comments
 

Author Comment

by:sunhux
ID: 40021998
Q3:
Is it possible that when a VM joins the domain of our network, the AV
is automatically 'push-installed'?

Q4:
Also, if an AV is not installed properly or there's an unauthorized
activity to deinstall or stop the AV service, how can we be automatically
alerted?

Q5:
Any PowerShell script (or any other script) to automate the above will be
appreciated if it's applicable
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 668 total points
ID: 40022002
If you are using TrendMicro's Deep Security then I would expect to to see lots of VM's with no agents installed. That's the idea of using TrendMicro's Deep Security.
Deep Security Manager, once installed and configured correctly should give you all the compliance answers you ever need.
0
 
LVL 26

Accepted Solution

by:
Lionel MM earned 1332 total points
ID: 40024449
Q1 I don't know how to do it by IP address but you can use net view, if all you system show up, or you can use IP scanners to create a list (not as automated as you would like)
FOR /F %%a IN ('NET VIEW') DO IF NOT EXIST "%%a\C$\program files\TrendMicro\ScanProgramName.exe" @ECHO %%a >> IsAVInstalled.txt
Q2 Hopefully you ahve some sort of management software that installs and monitors. I am familiar with TrendMicro's Worry Free Business Security and I use a browser to monitor and manage this so I assume the Deep Security product has something similar
Q3 Yes, there are several ways to do this, with batch scripts and/or with Group policies
Q4 Again I would refer you to the management console for this--it should have a place where you can setup alerts that will email when there is an outbreak as well as any
problems with any particular system. With my TrendMicro product I get emails about
system status, malware detections, agent software on systems not functioning, etc. etc.
Q5 Sorry I have no powershell scripts for any of the above but if any do exist you may find them here -- I use it for many powershell helps http://blogs.technet.com/b/heyscriptingguy/
0
 
LVL 26

Assisted Solution

by:Lionel MM
Lionel MM earned 1332 total points
ID: 40024489
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question