How can I monitor the up-to-dateness of McAfee anti-virus scanners on my system?

Votes:

0

I would like to monitor the age of McAfee anti-virus signatures on the computers in my network in comparison to the latest available release version. If my version is not up-to-date, PRTG should indicate this with a corresponding sensor state, depending on the degree to which the version number of installed scanners diverges from the latest available version. How can I achieve this?

antivirus custom-script-exe exe-script-sensor mcafee powershell prtg script

Created on Jun 21, 2013 11:39:17 AM by  Gerald Schoch [Paessler Support]

Last change on Mar 16, 2015 5:10:29 PM by  Martina Wittmann [Paessler Support]



11 Replies

Accepted Answer

Votes:

0

This article applies to PRTG Network Monitor 13.2 or later

Monitoring the Age of Anti-Virus Signatures

In order to monitor the signature age of an anti-virus scanner installed on your system in comparison to the latest available version on a release server, use an EXE/Script sensor in PRTG and create a corresponding script file to get this information.

  • The PowerShell script for this purpose (as given below for McAfee) will first check the latest available DAT version of the scanner on the web.
  • Then, it determines the DAT version of the installed scanner on your server.
  • As a result, the difference between the two version numbers will be returned as an integer.

In PRTG, add an EXE/Script sensor and choose the created script in the sensor settings. You can set an error and/or warning limit in the sensor’s channel settings depending on your needs. For example, you can define that the sensor goes into warning status if the version numbers differ by 2, and into down status if the version numbers differ by 5.

Feel free to adjust the script depending on your needs. For example, you can make it applicable for anti-virus software other than McAfee, as long as this anti-virus solution writes version information into the registry. If this data has to be read out of a file, the script would have to be a bit more complex, though it is also possible.

Script

  • Copy the following script and paste it into a text editor.
  • Save it as a PowerShell script file (.ps1) into the /Custom Sensors/EXE subfolder of your PRTG installation.

# PRTG EXE/Script sensor: returns the difference between the latest published
# McAfee DAT version and the DAT version installed on $ComputerName.
param (
    [Parameter(Mandatory=$false)][string]$ComputerName=".",
    # Maximum age of the cached avvdat.ini in seconds before it is downloaded again
    [Parameter(Mandatory=$false)][int]$RefreshURL=21600
)

# Provides Import-IniFile
Import-Module PSSystemTools -Force

# Define Variables
# The reference file is fetched over plain HTTP, so it is not integrity-protected in transit.
$Url = "http://update.nai.com/Products/CommonUpdater/avvdat.ini"
# C:\Temp must exist and be writable by the account that runs the sensor.
$TempFile = "C:\Temp\avvdat.ini"
$RegKey = "hklm:/Software/Network Associates/ePolicy Orchestrator/Application Plugins/VIRUSCAN8800"
$RegValue = "DATVersion"

# Create Temporary File (first run: no cached copy yet)
if ((Test-Path $TempFile) -eq $false) {
    $webpage = (new-object system.net.WebClient).DownloadString($Url)
    $webpage | Set-Content -Path $TempFile
}
# Refresh the cached copy if it is older than $RefreshURL seconds
$objTempFile = Get-Item $TempFile
if ([int]((Get-Date).Subtract($objTempFile.LastWriteTime).TotalSeconds) -gt $RefreshURL) {
    $webpage = (new-object system.net.WebClient).DownloadString($Url)
    $webpage | Set-Content -Path $TempFile
}

# Read Temporary File: latest available DAT version from section [AVV-ZIP]
$INIFile = Import-IniFile -File $TempFile
$Section = $INIFile.'AVV-ZIP'
$FileDATVersion = $Section.DATVersion

# Read Registry: installed DAT version, keeping only the part before the first "."
$RegDATVersion = Invoke-Command -ComputerName $ComputerName -ArgumentList $RegKey,$RegValue -ScriptBlock {
    Param($RegKey,$RegValue)
    $RegDATVersion = (Get-ItemProperty $RegKey).$RegValue
    $RegDATVersion = $RegDATVersion.Split(".")
    $RegDATVersion = $RegDATVersion[0]
    $RegDATVersion
}

# Calculate and Return Result in the "value:message" format of the EXE/Script sensor
write-host "$($FileDATVersion - $RegDATVersion):OK"

  • Monitor this script with an EXE/Script sensor.

PRTG will start to monitor the age of your anti-virus signature immediately.

Created on Jun 21, 2013 11:51:29 AM by  Gerald Schoch [Paessler Support]

Last change on Jun 21, 2013 12:56:01 PM by  Gerald Schoch [Paessler Support]
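
An added example, not part of the original answer or Paessler's script: the same comparison without the PSSystemTools module, with a check that fails closed. In the script above an empty download or missing registry value still yields a numeric result ending in ":OK", which an upper limit on the channel will not catch. The function names, the sample INI text and the sample version string are constructed for illustration.

```powershell
# Added example. Get-IniValue and Get-DatLagResult are hypothetical helper names.
function Get-IniValue {
    param([string]$IniText, [string]$Section, [string]$Key)
    $current = $null
    foreach ($line in ($IniText -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }      # blank or comment
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1]; continue }
        # Only accept the key inside the requested section
        if ($current -eq $Section -and $line -match '^([^=]+)=(.*)$' -and
            $Matches[1].Trim() -eq $Key) {
            return $Matches[2].Trim()
        }
    }
    return $null
}

function Get-DatLagResult {
    param([string]$IniText, [string]$InstalledVersion)
    $latest    = Get-IniValue -IniText $IniText -Section 'AVV-ZIP' -Key 'DATVersion'
    $installed = ($InstalledVersion -split '\.')[0]
    # Fail closed: unreadable input must never be reported as a healthy value.
    # PRTG EXE/Script exit codes used here: 0 = OK, 2 = system error.
    if ($latest -notmatch '^\d+$' -or $installed -notmatch '^\d+$') {
        return [pscustomobject]@{ Line = '0:DAT version could not be determined'; ExitCode = 2 }
    }
    $lag = [int]$latest - [int]$installed
    if ($lag -lt 0) {
        # Usually a stale or tampered reference file rather than a real state
        return [pscustomobject]@{ Line = "0:Installed DAT $installed is newer than reference $latest"; ExitCode = 2 }
    }
    return [pscustomobject]@{ Line = "${lag}:OK"; ExitCode = 0 }
}

# Constructed sample data, not a real avvdat.ini or registry value.
$sampleIni = @'
[Other-Section]
DATVersion=1
[AVV-ZIP]
DATVersion=9005
'@
$good = Get-DatLagResult -IniText $sampleIni -InstalledVersion '9002.0000'
$bad  = Get-DatLagResult -IniText ''         -InstalledVersion '9002.0000'
Write-Host "$($good.Line) (exit $($good.ExitCode))"
Write-Host "$($bad.Line) (exit $($bad.ExitCode))"
# In a real sensor script: Write-Host $result.Line; exit $result.ExitCode
```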



Votes:

0

Thanks for this script.

I would also like to implement this in PRTG, but the PRTG Sensor returns "UnauthorizedAccess".

Also, on the client and on the probe, no "C:\Temp\avvdat.ini" file is created. The given URL is reachable. The inherited Windows access rights are admin rights. The registry entry exists.

Do you have an idea what we should adjust?

Created on Sep 15, 2015 10:48:24 AM



Votes:

0

Hi,
by default the scripts are executed with the permissions of the local SYSTEM account of the machine the PRTG Probe is installed on. You might try providing credentials in the parent device and then on tab Settings change the Security Context to use the credentials provided in the parent device. Does that work?

Created on Sep 16, 2015 1:22:41 PM by  Konstantin Wolff [Paessler Support]



Votes:

0

Hi, I'm assuming you mean the Windows Login credentials? They are correctly inherited. I tried also to provide them manually, but that didn't help.

Created on Sep 21, 2015 2:42:07 PM



Votes:

0

Hi,
it is possible to execute scripts in a different security context. Normally scripts are executed with local SYSTEM permissions as the probe runs with this account. However, on tab Settings of the sensor you will find a setting called Security Context which defaults to Use security context of probe service. Please try setting the same to Use Windows credentials of parent device. If it still does not work, we can try changing the script to use explicit authentication.

Created on Sep 22, 2015 9:08:40 AM by  Konstantin Wolff [Paessler Support]



Votes:

0

Hi

Is there an updated version of this script? The "PSSystemTools" module doesn't exist anymore?

Created on Mar 1, 2017 4:12:55 AM



Votes:

0

Downloading and installing the following should help, because it includes the necessary function for the script: https://github.com/sushihangover/SushiHangover-PowerShell

Created on Mar 2, 2017 8:50:30 AM by  Torsten Lindner [Paessler Support]



Votes:

0

The check on the web, $Url = "http://update.nai.com/Products/CommonUpdater/avvdat.ini", is this usable for all antiviruses or just for McAfee?

Created on May 28, 2018 1:23:41 PM



Votes:

0

Hi there,

The URL belongs to McAfee, so it is only valid for McAfee. This means that the script and URL might be adapted, depending on the used AntiVirus.

Best regards.

Created on May 28, 2018 1:25:58 PM by  Dariusz Gorka [Paessler Support]



Votes:

1

I am using the McAfee antivirus software on my laptop. I was also searching for a way to monitor the up-to-dateness of McAfee anti-virus scanners on my system. For that I visited https://babasupport.org/microsoft/microsoft-office-error-code-0xc004f074/ but did not get a valid solution, but from here I got the appropriate solution.

Created on Nov 9, 2018 11:01:11 PM



Votes:

0

Maybe you want to check out this new Version of the Script, which supports DATv2 and DATv3.

GitHub McAfee DAT Sensor for PRTG

Created on Nov 12, 2021 2:33:14 PM



