I would like to monitor the age of McAfee anti-virus signatures on the computers in my network in comparison to the latest available release version. If my version is not up-to-date, PRTG should indicate this with a corresponding sensor status, depending on the degree to which the version number of installed scanners diverges from the latest available version. How can I achieve this?
How can I monitor the up-to-dateness of McAfee anti-virus scanners on my system?
Votes:
0
11 Replies
Votes:
0
This article applies to PRTG Network Monitor 13.2 or later
Monitoring the Age of Anti-Virus Signatures
In order to monitor the signature age of an anti-virus scanner installed on your system in comparison to the latest available version on a release server, use an EXE/Script sensor in PRTG and create a corresponding script file to get this information.
- The Powershell script for this concern (as given below for McAfee) will check the latest available DAT version of the scanner in the web at first.
- Then, it determines the DAT version of the installed scanner on your server.
- As result, the difference between the two version numbers will be returned as integer.
In PRTG, add an EXE/Script sensor and choose the created script in the sensor settings. You can set an error and/or warning limit in the sensor’s channel settings depending on your needs. For example, you can define that the sensor goes into warning status if the version numbers differ by 2, and into down status if the version numbers differ by 5.
Feel free to adjust the script depending on your needs. For example, you can make it applicable for anti-virus software other than McAfee, as long as this anti-virus solution writes version information into the registry. If this data has to be read out of a file, the script would have to be a bit more complex, though, it is also possible.
Script
- Copy the following script and paste it into a text editor.
- Save it as a Powershell script file (.ps1) into the /Custom Sensors/EXE subfolder of your PRTG installation.
param ( [Parameter(Mandatory=$false)][string]$ComputerName=".", [Parameter(Mandatory=$false)][int]$RefreshURL=21600 ) Import-Module PSSystemTools -Force # Define Variables $Url = "http://update.nai.com/Products/CommonUpdater/avvdat.ini" $TempFile = "C:\Temp\avvdat.ini" $RegKey = "hklm:/Software/Network Associates/ePolicy Orchestrator/Application Plugins/VIRUSCAN8800" $RegValue = "DATVersion" # Create Temporary File if ((Test-Path $TempFile) -eq $false) { $webpage = (new-object system.net.WebClient).DownloadString($Url) $webpage | Set-Content -Path $TempFile } $objTempFile = Get-Item $TempFile if ([int]((Get-Date).Subtract($objTempFile.LastWriteTime).TotalSeconds) -gt $RefreshURL) { $webpage = (new-object system.net.WebClient).DownloadString($Url) $webpage | Set-Content -Path $TempFile } # Read Temporary File $INIFile = Import-IniFile -File $TempFile $Section = $INIFile.'AVV-ZIP' $FileDATVersion = $Section.DATVersion # Read Registry $RegDATVersion = Invoke-Command -ComputerName $ComputerName -ArgumentList $RegKey,$RegValue -ScriptBlock { Param($RegKey,$RegValue) $RegDATVersion = (Get-ItemProperty $RegKey).$RegValue $RegDATVersion = $RegDATVersion.Split(".") $RegDATVersion = $RegDATVersion[0] $RegDATVersion } # Calculate and Return Result write-host "$($FileDATVersion - $RegDATVersion):OK"
- Monitor this script with an EXE/Script sensor.
PRTG will start to monitor the age of your anti-virus signature immediately.
Created on Jun 21, 2013 11:51:29 AM by
Gerald Schoch [Paessler Support]
Last change on Jun 21, 2013 12:56:01 PM by
Gerald Schoch [Paessler Support]
Votes:
0
Thanks for this script.
I would also like to implement this in PRTG, but the PRTG Sensor returns "UnauthorizedAccess".
Also, on the client and on the probe, no "C:\Temp\avvdat.ini" file is created. The given URL is reachable. The inherited Windows Access Rights are admin rights. The Registry-Entry is existing.
Do you have an idea, what we should adjust?
Votes:
0
Hi,
by default the scripts are executed with the permissions of the local SYSTEM account of the machine the PRTG Probe is installed on. You might try providing credentials in the parent device and then on tab Settings change the Security Context to use the credentials provided in the parent device. Does that work?
Votes:
0
Hi, I'm assuming you mean the Windows Login credentials? They are correctly inherited. I tried also to provide them manually, but that didn't help.
Votes:
0
Hi,
it is possible to execute scripts in a different security context. Normally scripts are executed with local SYSTEM permissions as the probe runs with this account. However, on tab Settings of the sensor you will find a setting called Security Context which defaults to Use security context of probe service. Please try setting the same to Use Windows credentials of parent device. If it does still not work, we can try chaning the script to use explicit authentication.
Votes:
0
Hi
Is there an updated version of this script? The "PSSystemTools" module doesn't exist anymore?
Votes:
0
Downloading and installing the following should help, because it includes the necessary function for the script: https://github.com/sushihangover/SushiHangover-PowerShell
Votes:
0
the check on the web "$Url = "http://update.nai.com/Products/CommonUpdater/avvdat.ini" is this usable for all Anti-virusses or just for McAfee??
Votes:
0
Hi there,
The URL belongs to McAfee, so it is only valid for McAfee. This means that the script and URL might be adapted, depending on the used AntiVirus.
Best regards.
Votes:
1
I am using the McAfee antivirus software on my laptop. I was also searching of the way to monitor the up-to-dateness of McAfee anti-virus scanners on my system for that I visited https://babasupport.org/microsoft/microsoft-office-error-code-0xc004f074/ but did not get the valid solution but from here I get the appropriate solution.
Votes:
0
Maybe you want to check out this new Version of the Script, which supports DATv2 and DATv3.
Add comment