#20932 - 2002-04-30 10:30 PM Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
How do you use KIXtart in conjunction with antivirus software?
#20933 - 2002-04-30 10:32 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
Darn. I left out the "all 3" option.. lol. oh well.. if you use all three, we'll stick that under the deploy and manage option?

Brian

#20934 - 2002-04-30 10:50 PM Re: Anti-Virus Software and KIXtart
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I use Kixtart to verify the client has AV software and that the product version is up to date. We use SMS to perform the deployment and management of the product.

Since the corporate logon script has such wide spread use (97% of accounts), the logon script logs non-compliant computers and the LAN Admins follow-up to resolve the issue and get SMS working on the client.
_________________________
Home page: http://www.kixhelp.com/hb/

#20935 - 2002-04-30 10:52 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
Howard,
That sounds like a good method. What process (via logon script) are you using to log machines that are not compliant? That sounds like something management might go for..

Brian

#20936 - 2002-05-01 03:41 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
So far it seems like there are a lot more people using McAfee Antivirus (like me).. What versions of McAfee are people using? So far, we are using VirusScan 4.5 SP1 for Windows 9x and 4.5.1 SP1 for Windows 2000/NT, etc.

Updates for Windows 9x are forced by calling the mcupdate from the logon script if the DAT version isn't current. Unfortunately, I have had a problem with this using 4.5.1 SP1 (which is why it hasn't been deployed for Windows 95). Has anyone else seen this issue? (I'm really not sure exactly what's causing the problem, but it appears to be running mcupdate during logon conflicts with the loading of VirusScan.)

Brian

#20937 - 2002-05-01 03:50 PM Re: Anti-Virus Software and KIXtart
Satz Offline
Fresh Scripter

Registered: 2002-04-08
Posts: 20
Loc: Calgary, Canada
We use TrendAV in our company and it is the best I have used in a corporate environment. It does all the work for us. Kixtart doesn't need to touch it.

We used to have NortonAV but pushing the updates, as well as the slow downloads from Symantec when a major virus hit the scene made it way too much an unreliable hassle.
_________________________
-30-

#20938 - 2002-05-01 03:59 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
In response to the TrendAV... NAI's VirusScan works in a similar fashion. We can maintain our own update sites internally and have the clients update themselves automatically from those locations (ftp). NAI has a product called ePolicy Orchestrator that would allow us to deploy and manage VirusScan to a greater degree, however at the time we deployed VirusScan (4 years ago), this product was not available. Because of that, we have had to manage settings manually. Ideally, we would be able to move to the ePolicy Orchestrator, but not at this time. Management has decided at this time that I can have either ePolicy Orchestrator OR SMS so the choice is a no-brainer. (Do you ever feel stuck in a quagmire?)

Brian

#20939 - 2002-05-01 04:17 PM Re: Anti-Virus Software and KIXtart
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
Brian, regarding your McAfee update issues, would it make more sense to configure your clients to run an Update task from within the VirusScan Console? Depending on the version, you can even have the task 'randomized' within a timeframe so your update location isn't bombarded all at once. For example, I have our clients check for updates daily starting at 12:00pm and randomized in a three hour block.
#20940 - 2002-05-01 04:21 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
Yes, it makes more sense to me (and we are doing that in addition to at logon), but I've been instructed by management to make sure that we at least get updates whenever a user logs on. This way we can send an email out that says an update is available and users simply log off and back on to get it. I've toyed with placing a McUpdate icon on the desktop (I have a setup.exe file for doing just that), but most of our users are too lazy to use or try to use something like that.

Brian

#20941 - 2002-05-01 04:31 PM Re: Anti-Virus Software and KIXtart
Chris S. Offline
MM club member
*****

Registered: 2002-03-18
Posts: 2368
Loc: Earth
If that is a requirement, how about placing an entry in the Runonce key in the registry to run McUpdate? The Runonce key would be run after logon (and even after Startup folder entries). That way you'd be assured that 'Explorer' was up and running before it started.
#20942 - 2002-05-01 04:38 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
That's actually the way it's done. It works fine for 4.5.1 and earlier, but with 4.5.1 SP1 it hangs for a long time on mcupdate and LWI (after the logon script completes). What I'm wondering is if it's actually trying to run 2 updates simultaneously and that's what is causing the problem. I've thought about trying to use kill95.exe to clean it up... not sure about it, though.

Brian

#20943 - 2002-05-01 04:58 PM Re: Anti-Virus Software and KIXtart
Rocco Capra Offline
Hey THIS is FUN
*****

Registered: 2002-04-01
Posts: 380
Loc: Mansfield Ohio
I have to say that our comp uses Norton (as I hang my head in shame [Frown] , oh wait that wasn't my decision! [Big Grin] ) But it is a cumbersome program! And they (the IT peeps that wear the black suits and dark sunglasses) are looking for another virus solution as I type.

Maybe they will spend $$ on a good product (not holding my breath).

I do know they have had their 'I' on TrendAV. Can anyone give some good reasons for using TrendAV?

Rocco
_________________________
I Love this board!! -------------------- My DEV PC is running KIX 4.22 WINXP Pro

#20944 - 2002-05-01 05:18 PM Re: Anti-Virus Software and KIXtart
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
BrianTX, sorry for the delay but this thread slipped through the cracks.

This is the code I currently use to check for AV software. I am still attempting to come up with a workable methodology to validate the engine version and the acceptable DAT version for 40,000 clients on a global WAN.

I just noticed that some additional work may be required to copy the Extra.dat for "NetShield" installs.

The resulting log files are collected and parsed weekly via an external process that outputs a report.

code:
:CheckAVsoftware
; Note: $ComputerName, $Lpath, $Ldomain, $UserID, $IP0, $Domain and IsNonServer()
; are set up elsewhere in the logon script; WriteLog()/WriteLog2() are UDFs.
If not ProductSuite("Terminal Server")
    dim $outfile, $NAIkey, $NaiTrackKey, $NaiTrackVal, $NaiTrackCnt, $NAIerror, $NAIver
    dim $ProductVersion, $ProductName, $EngineVersion, $DatVersion, $Updateini
    dim $str, $rc, $System, $NAIpath

    $outfile="\\ambdc009\log$\virus\$ComputerName.txt"

    ;---------------------------------------------------------------------------------------------
    ; Track the non-compliance count in HKCU. When count = 5 write FlagFile to Central server.
    ;---------------------------------------------------------------------------------------------
    $NaiTrackKey = "HKEY_CURRENT_USER\Internal"
    $NaiTrackVal = "NAIcount"

    ;---------------------------------------------------------------------------------------------
    ; Read Software version file to determine acceptable parameters
    ; This file is not to be read at every logon. Need methodology to check once a week.
    ;---------------------------------------------------------------------------------------------
    ; Hard coded values for now
    $ProductVersion = "4.5.1"

    ;$Updateini = $Lpath + "\corp\update.ini"
    ;$EngineVersion = ReadProfileString($Updateini, "SuperDat-IA32", "EngineVersion")
    ;if @ERROR <> 0
    ;    WriteLog("NAI: Error reading EngineVersion from $Updateini")
    ;endif
    ;$DatVersion = ReadProfileString($Lpath +"\corp\update.ini", "SuperDat-IA32", "DATVersion")
    ;if @ERROR <> 0
    ;    WriteLog("NAI: Error reading DATVersion from $Updateini")
    ;endif

    ;Lookup Product Version
    $NAIerror = 0
    $NAIkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan"
    $NAIver = ReadValue($NAIkey,"szCurrentVersionNumber")
    if @ERROR=0
        WriteLog("NAI: Found NAI product version ($NAIver) in $NAIkey, szCurrentVersionNumber")
        $ProductVersion = "4.5.1"
        $ProductName = "VirusScan"
    else
        ; ReadValue reports failure through @ERROR ($rc is not set at this point)
        WriteLog("NAI: Error @ERROR: reading NAI product version $NAIkey, szCurrentVersionNumber")
        $NAIkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Netshield NT\CurrentVersion"
        $NAIver = ReadValue($NAIkey,"szProductVer")
        if @ERROR=0
            WriteLog("NAI: Found NAI product version ($NAIver) in $NAIkey, szProductVer")
            $ProductVersion = "4.5.0"
            $ProductName = "NetShield"
        else
            WriteLog("NAI: Error @ERROR: reading NAI product version $NAIkey, szProductVer")
            $NAIerror = 1
            $NAIver = "Not Found"
            $ProductName = "Not Found"
        endif
    endif

    ;Product Version Check
    if $NAIerror = 0
        ; successfully read version key
        if Left($NAIver,5) <> $ProductVersion
            ; found noncompliant version
            WriteLog("NAI: Non-compliant version of $ProductName installed. Current = $NAIver, Expected = $ProductVersion")
            $NAIerror = 1
        else
            WriteLog("NAI: $ProductName version is OK, Current = $NAIver, Expected = $ProductVersion")

            ;Add Engine and DAT check here.

        endif
    endif

    ; NAI registry tracking
    if $NAIerror > 0
        ; Track number of logons without compliant AV software
        ; Write FlagFile at 5 occurrences
        if KeyExist($NaiTrackKey) = 0
            ; key not found
            $rc = AddKey($NaiTrackKey)
            if $rc = 0
                $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "1", "REG_SZ")
                if $rc > 0
                    WriteLog("NAI: Error $rc: Write value $NaiTrackKey\$NaiTrackVal")
                endif
            else
                WriteLog("NAI: Error $rc: Creating $NaiTrackKey")
            endif
        else
            ; key exists
            $NaiTrackCnt = ReadValue($NaiTrackKey,$NaiTrackVal)
            if @ERROR > 0
                WriteLog("NAI: Error @ERROR: Reading $NaiTrackKey\$NaiTrackVal")
            endif
            $NaiTrackCnt = val($NaiTrackCnt) + 1
            if $NaiTrackCnt = 5
                if IsNonServer()
                    $System = "Client"
                else
                    $System = "Server"
                endif
                if exist ($outfile)
                    DEL "$outfile"
                endif

                $str = "[Local]" + @CRLF +
                    "LogonDomain=" + $Ldomain + @CRLF +
                    "User=" + $UserID + @CRLF +
                    "IP=" + $IP0 + @CRLF +
                    "Product=" + $ProductName + @CRLF +
                    "Version=" + $NAIver + @CRLF +
                    "Domain=" + $Domain + @CRLF +
                    "System=" + $System
                WriteLog2($outfile, $str)
                $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "$NaiTrackCnt", "REG_SZ")
                if $rc > 0
                    WriteLog("NAI: Error $rc: Write value ($NaiTrackCnt) to $NaiTrackKey\$NaiTrackVal")
                endif
            else
                if $NaiTrackCnt = 20
                    $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "1", "REG_SZ")
                    if $rc > 0
                        WriteLog("NAI: Error $rc: Write value (1) to $NaiTrackKey\$NaiTrackVal")
                    endif
                else
                    $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "$NaiTrackCnt", "REG_SZ")
                    if $rc > 0
                        WriteLog("NAI: Error $rc: Write value $NaiTrackKey\$NaiTrackVal")
                    endif
                endif
            endif
        endif
    else
        ;clean up NAI registry tracking if compliant AV software is found.
        if KeyExist($NaiTrackKey) = 1
            $rc = DelKey($NaiTrackKey)
            if $rc > 0
                WriteLog("NAI: Error $rc: deleting $NaiTrackKey")
            endif
            if exist ($outfile)
                DEL "$outfile"
                WriteLog("NAI: Deleted $outfile")
            endif
        endif
        ; Copy EXTRA.DAT if it exists
        $NAIpath=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx","szInstallDir")
        if @ERROR=0
            if exist ("$Lpath\corp\extra.dat")
                COPY "$Lpath\corp\extra.dat" "$NAIpath"
                if @ERROR = 0
                    WriteLog("NAI: Copy new EXTRA.DAT to $NAIpath\extra.dat")
                else
                    WriteLog("NAI: Error @ERROR, @SERROR: Failed to Copy EXTRA.DAT to $NAIpath\extra.dat")
                endif
            else
                if exist ("$NAIpath\extra.dat")
                    DEL "$NAIpath\extra.dat"
                    ;WriteLog("NAI: Delete $NAIpath\extra.dat")
                endif
            endif
        else
            WriteLog("NAI: Error @ERROR: Reading NAI install path")
        endif
    endif
else
    WriteLog("NAI: Subroutine exiting because this is a Terminal server")
endif
Return



[ 01 May 2002, 17:19: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/
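
The post above says the per-computer flag files are collected and parsed weekly by an external process. The following is an added sketch of such a parser, not code from the thread or from KiXtart: it reads the `[Local]` format the script writes and, because every logon session can write to that share, treats each file as untrusted input. The host names, users and addresses in the sample are constructed, and the function names are assumptions.

```python
import configparser
import ipaddress
import re
from collections import Counter

REQUIRED = ("LogonDomain", "User", "IP", "Product", "Version", "Domain", "System")
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,15}\.txt")   # $ComputerName.txt (NetBIOS length)

def _flag(**kv):
    # Build a body the way the script does: "[Local]" plus CRLF-joined key=value pairs.
    return "\r\n".join(["[Local]"] + [f"{k}={v}" for k, v in kv.items()])

# Constructed sample data; a real run would read every *.txt under the log share.
SAMPLE_FILES = {
    "WS-0142.txt": _flag(LogonDomain="CORP", User="jdoe", IP="10.20.30.41",
                         Product="VirusScan", Version="4.0.3", Domain="CORP", System="Client"),
    "WS-0977.txt": _flag(LogonDomain="CORP", User="asmith", IP="10.20.31.7",
                         Product="Not Found", Version="Not Found", Domain="CORP", System="Client"),
    "SRV-0012.txt": _flag(LogonDomain="CORP", User="svc_bkp", IP="10.1.0.12",
                          Product="NetShield", Version="4.0.3a", Domain="CORP", System="Server"),
    "WS-0500.txt": _flag(LogonDomain="CORP", User="bk"),            # write cut short
    "WS-0666.txt": _flag(LogonDomain="CORP", User="x", IP="999.1.1.1",
                         Product="VirusScan", Version="1.0", Domain="CORP", System="Client"),
}

def parse_flag_file(name, body):
    """Return (record, None) for a well-formed file, (None, reason) otherwise."""
    if not NAME_RE.fullmatch(name):
        return None, f"{name}: unexpected file name"
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                      # keep the script's key capitalisation
    try:
        cp.read_string(body.replace("\r\n", "\n"))
        section = cp["Local"]
    except (configparser.Error, KeyError):
        return None, f"{name}: not a [Local] flag file"
    missing = [k for k in REQUIRED if k not in section]
    if missing:
        return None, f"{name}: missing " + ",".join(missing)
    try:
        ipaddress.ip_address(section["IP"])
    except ValueError:
        return None, f"{name}: bad IP"
    return dict(section, Computer=name[:-4]), None

def build_report(files):
    """Counts per (System, Product, Version), hosts with no AV, and rejected files."""
    counts, no_av, rejected = Counter(), [], []
    for name in sorted(files):
        record, reason = parse_flag_file(name, files[name])
        if reason:
            rejected.append(reason)
            continue
        counts[(record["System"], record["Product"], record["Version"])] += 1
        if record["Product"] == "Not Found":
            no_av.append(record["Computer"])
    return {"counts": dict(counts), "no_av": no_av, "rejected": rejected}

if __name__ == "__main__":
    print(build_report(SAMPLE_FILES))
```

Rejected files are reported rather than silently dropped, since a truncated or malformed flag file is itself something the LAN admins may want to follow up.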

#20945 - 2002-05-01 05:35 PM Re: Anti-Virus Software and KIXtart
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Howard/Brian,

Have you had a look at - http://www.utdallas.edu/~pauls/scripts.html ?

This is pretty good stuff.

I know a lot of the functionality is built-in to ePO/Management Edition...

- Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

#20946 - 2002-05-01 05:43 PM Re: Anti-Virus Software and KIXtart
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Who was it that said "paranoia is reality on a finer scale" or something like that?
Our corporate standard is McAfee and is used on their mail servers. At my division, I use CA InnoculateIT on my Notes server. All other servers/clients use NAV CE. Count 'em, that's three tiers of protection. Some get through the first (McAfee), some the second (CA), but I've yet to be let down by the third (NAV).
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#20947 - 2002-05-01 06:15 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
Thanks Howard. I'm actually doing something a bit easier to track the version. Where are you getting your WriteLog function?.. tracking the SDAT is pretty simple. The easiest way is to use the value:

"HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx" for VirusScan 4.5 and later. Before that, it is found in another location.

Les -- I've never been let down by McAfee VirusScan.. not once. I've seen all sorts of problems with NAV (I used to work at DELL and that's what they used). Another thing about NAI... their groupshield product is awesome. It allows us to block files and clean viruses on all incoming emails. NAI's customer service and tech support is pretty good as well.

Suffice it to say.. we have NEVER had a large outbreak of viruses, even though our WAN includes systems over which we have no control.

Brian

#20948 - 2002-05-01 06:20 PM Re: Anti-Virus Software and KIXtart
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
WriteLog and WriteLog2 are posted in the UDF Library and at ScriptLogic.com
WriteLog()
WriteLog2()
_________________________
Home page: http://www.kixhelp.com/hb/

#20949 - 2002-05-01 06:22 PM Re: Anti-Virus Software and KIXtart
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
Will these writelog scripts work well writing to a network location? We may have 1000s of users logging on at the same time..... how could I write to the same log file?

Kent -- I looked at that page and he is using many of the tricks I use, but my script is much simpler. (I do in about 20 lines what he does in 100)

Brian

#20950 - 2002-05-01 06:29 PM Re: Anti-Virus Software and KIXtart
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
BrianTX, the checking of the product version is easy. So is the checking of the engine and DAT versions. But we deploy the updates via SMS to 20% of the client computers per day. That means that at every logon, any one computer could have a couple different versions of DAT files which would be valid in our business model.

Most of the code that I posted was to limit WAN traffic, to limit impact on the script performance, and to limit any false reports of non-compliant computers. You see I track the count of logon script executions where the client is non-compliant and only report (write file across global wan) every 25 logons. The first report is after the fifth logon. This eliminates false reports where computers were just built. Then it does not report again until 20 more logons occur. This gives the local support teams time to take action. If the computer is not correct by then, it is again logged.

[ 01 May 2002, 18:36: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/
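
The staged rollout described above (20% of clients per day) means several DAT versions are valid at once. The following added example, which is not code from the thread, shows one way to compute that acceptance window and to compare product versions component by component instead of with a string prefix such as `Left($NAIver,5)`. It assumes integer DAT versions and a rollout that starts on the release day; the release calendar and all function names are constructed.

```python
import re

def version_tuple(text):
    """'4.5.1.1306' -> (4, 5, 1, 1306); ValueError for anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def product_ok(installed, required):
    """True when every component of `required` matches, so 4.5.1 accepts 4.5.1.1306."""
    try:
        inst = version_tuple(installed)
    except ValueError:                      # e.g. the script's "Not Found"
        return False
    req = version_tuple(required)
    return inst[:len(req)] == req

def acceptable_dats(releases, today, percent_per_day=20):
    """DAT versions a client may legitimately hold on day `today`.

    releases: (release_day, dat_version) pairs. A DAT stays acceptable until the
    rollout of its successor has had time to reach 100% of clients.
    """
    rollout_days = -(-100 // percent_per_day)          # ceil(100 / percent)
    known = sorted(r for r in releases if r[0] <= today)
    ok = set()
    for i, (_, dat) in enumerate(known):
        newest = i + 1 == len(known)
        if newest or today - known[i + 1][0] < rollout_days:
            ok.add(dat)
    return ok

def client_findings(product_ver, dat, required_product, releases, today):
    """Return a list of human-readable findings; an empty list means compliant."""
    findings = []
    if not product_ok(product_ver, required_product):
        findings.append(f"product {product_ver} is not {required_product}.x")
    if dat not in acceptable_dats(releases, today):
        findings.append(f"DAT {dat} outside rollout window")
    return findings

# Constructed release calendar: (day number, DAT version); the values are made up.
RELEASES = [(0, 4196), (7, 4197), (14, 4198), (16, 4199)]

if __name__ == "__main__":
    print(sorted(acceptable_dats(RELEASES, today=17)))
    print(client_findings("4.5.1.1306", 4197, "4.5.1", RELEASES, today=17))
    print(client_findings("4.5.10", 4196, "4.5.1", RELEASES, today=17))
```

With two releases two days apart, three DAT versions are acceptable on day 17, which is the situation a single "expected DAT" value in the logon script cannot express.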

#20951 - 2002-05-01 06:32 PM Re: Anti-Virus Software and KIXtart
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
code:
; ******************************* McAfee VirusShield Section *********************************
; $HKLMS, $setup, updateapp() and FreshFile() are defined elsewhere in the logon script.
$NAITVD ="$HKLMS\Network Associates\TVD"
$vsengine ="$NAITVD\Shared Components\VirusScan Engine\4.0.xx"
$mcupdate ="$NAITVD\Shared Components\McUpdate\CurrentVersion"

$vscandir =readvalue("$NAITVD\VirusScan","szInstallDir")
$vscanver =readvalue("$NAITVD\VirusScan","szCurrentVersionNumber")
$vscaneng =readvalue("$vsengine","szEngineVer")
$vscandat =readvalue("$vsengine","szDatVersion")
$vsdatdir =readvalue("$vsengine","szInstallDir")
$vsdatdate =readvalue("$vsengine","szDatDate")
$mcupdexe =readvalue("$mcupdate","szInstallDir")

; ******* install it
$availver=readprofilestring("$setup\apps\mcafee\install\PkgDesc.ini","VSNT","Version")
if "$availver">"$vscanver"
    if updateapp("VirusScan4.5.1",0,1)="yes"
        shell ('$setup\apps\mcafee\install\setup.exe reboot=r scanatstartup=false forceinstall=true /qb /i')
        $vscanver =readvalue("$NAITVD\VirusScan","szCurrentVersionNumber")
    endif
endif
; ******* Service pack it
if "4.5.1.1306">"$vscanver"
    if updateapp("VirusScan4.5.1-SP1",0,1)="yes"
        shell ('$setup\apps\mcafee\Sp1\VSC451S1.EXE /silent')
        $vscanver =readvalue("$NAITVD\VirusScan","szCurrentVersionNumber")
    endif
endif
; ******* Superdat it
$availeng=readprofilestring("$setup\apps\mcafee\upgrade\superdat.ini","superdat","Version")
if $availeng > $vscaneng
    $=writevalue("$McUpdate\Upgrade\Upgrade Site1","szUNCLocation","$setup\Apps\McAfee\Upgrade",REG_SZ)
    shell ('"$mcupdexe/MCUPDATE" /TASK UPGRADE /BATCH /norestart')
    $vscaneng =readvalue("$vsengine","szEngineVer")
endif
; ******* dat it
$availdat=dir("$setup\apps\mcafee\update\*.zip")
$availdat=substr("$availdat",5,4)
if instr("$vscandat","$availdat")=0
    $=writevalue("$McUpdate\Update\Update Site1","szUNCLocation","$setup\Apps\McAfee\Update",REG_SZ)
    shell ('"$mcupdexe/MCUPDATE" /TASK UPDATE /BATCH')
    $vsdatdate =readvalue("$vsengine","szDatDate")
    $vscandat =readvalue("$vsengine","szDatVersion")
endif
; ******* extra.dat it
FreshFile("$setup\apps\mcafee\update","$vsdatdir","extra.dat")
? " Installed "color c+/n"VirusShield $vscanver "color w/n"is version " color w+/n $vscandat color w/n " dated " color w+/n $vsdatdate color w/n

_________________________
How to ask questions the smart way <-----------> Before you ask
