Solved

Automated inventorization or scan of network to determine if AV is installed

Posted on 2014-04-25
4
595 Views
Last Modified: 2014-04-27
We have a case of a few VMs that do not have AV (TrendMicro's Deep Security)
installed & this is a non-compliance.  Our VMs are monitored using Sitescope
& this tool does not have agent installed in the VMs  (unlike BMC Patrol or
CA Unicentre).

I'm afraid the inventory records (ie documentation) may not be up-to-date
& new VMs/servers may not be recorded.

The VMs run Windows (2003, 2008R2, RHES 5.x/6.x, Solaris x86) OS.


Q1:
is there an automated way to scan all 'live' IP addresses in our network to
determine if there's any VMs (leaving out appliances & devices that are
not running the above-mentioned OSes) have the AV installed & running?

Q2:
Is there a way to determine if the AV signatures (as well as patches) are
up-to-date?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:sunhux
ID: 40021998
Q3:
Is it possible that when a VM joins the domain of our network, the AV
is automatically 'push-installed'?

Q4:
Also, if an AV is not installed properly or there's an unauthorized
activity to deinstall or stop the AV service, how can we be automatically
alerted?

Q5:
Any PowerShell script (or any other script) to automate the above will be
appreciated if it's applicable
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 167 total points
ID: 40022002
If you are using TrendMicro's Deep Security then I would expect to to see lots of VM's with no agents installed. That's the idea of using TrendMicro's Deep Security.
Deep Security Manager, once installed and configured correctly should give you all the compliance answers you ever need.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 333 total points
ID: 40024449
Q1 I don't know how to do it by IP address but you can use net view, if all you system show up, or you can use IP scanners to create a list (not as automated as you would like)
FOR /F %%a IN ('NET VIEW') DO IF NOT EXIST "%%a\C$\program files\TrendMicro\ScanProgramName.exe" @ECHO %%a >> IsAVInstalled.txt
Q2 Hopefully you ahve some sort of management software that installs and monitors. I am familiar with TrendMicro's Worry Free Business Security and I use a browser to monitor and manage this so I assume the Deep Security product has something similar
Q3 Yes, there are several ways to do this, with batch scripts and/or with Group policies
Q4 Again I would refer you to the management console for this--it should have a place where you can setup alerts that will email when there is an outbreak as well as any
problems with any particular system. With my TrendMicro product I get emails about
system status, malware detections, agent software on systems not functioning, etc. etc.
Q5 Sorry I have no powershell scripts for any of the above but if any do exist you may find them here -- I use it for many powershell helps http://blogs.technet.com/b/heyscriptingguy/
0
 
LVL 25

Assisted Solution

by:Lionel MM
Lionel MM earned 333 total points
ID: 40024489
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonicWall Max Connection Setting 7 83
Connecting to CISCO 4402 WLC 3 61
office 2010 not starting even in safe mode 9 561
Ip scheme change 1 32
Transparency shows that a company is the kind of business that it wants people to think it is.
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question