
powershell query policy manager

krisvdv
krisvdv Posts: 31 Security Scout

hi guys,  I'm new to F-Secure and I was wondering whether I could use Powershell to query the policy manager somehow, or the f-secure client on the server?  The IT manager would love to have a simple script that he can simply run to check various server properties regarding all sorts of non-f-secure related settings, but also including the F-Secure AV definitions versions. Would that be possible?

Comments

  • A_Grinkevitch
    A_Grinkevitch Staff Posts: 169 Threat Terminator

    Hi Krisvdv,

    There are a number of options to achieve what you wish:
    You can use WMI: https://help.f-secure.com/product.html#business/policy-manager/14.30/en/concept_E55FFF0187A54B79B30637C7983BDCC8-14.30-en

     

    You can fetch DB update info (if it is enough for you) from the client’s registry HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\updates
    Some engines have subkeys, latest is active, you can skip older one – it is for rollback purposes

     

    And the last one, a bit overcomplicated especially for powershell scripting: to fetch data directly from the Policy Manager DB. In case you switched PM to MySQL everything is more or less straightforward. In case default H2 engine is used, you need to enable ODBC connector. See page https://community.f-secure.com/t5/Business-Suite/Policy-Manager-advanced/ta-p/11869 properties odbcConnectorEnabled, odbcConnector.pgAllowOthers, odbcConnector.pgPort


    Regards,
    Alex

  • krisvdv
    krisvdv Posts: 31 Security Scout

    hi Alex, thanks for the reply.

     

    It seems that WMI is the way to go for us, however, I can't get it working.  Does it work only when you have PSB?  I believe we just use the F-Secure Policy Manager Console.

     

    The F-Secure docs mention : 

    Obtaining properties via WMI
    Instructions on how to obtain properties via WMI.

    1. Turn on the WMI Provider setting as follows:
      a) In the PSB portal, go to Profiles > General Settings.
      b) Under Integrations, turn on WMI Provider.
      c) Select Save and Publish.
      d) Go to Devices and select your device.
      e) Select Assign profile > Assign.

    2. Open Windows PowerShell with the administrator rights.

    3. At the command prompt, enter commands as shown below to retrieve, for example, the following classes and properties.
    • Retrieving product version
    $product = Get-WmiObject -Namespace "root/fsecure" -Class Product



  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    go to Settings /Advanced view:
    grafik.png

     

  • krisvdv
    krisvdv Posts: 31 Security Scout

    Ok, found it, thanks!

  • krisvdv
    krisvdv Posts: 31 Security Scout

    So now WMI is enabled, but I still can't use it.
    At a certain point I was asked for confirmation to enable (through distribution) this on remote machines, to which I replied with a yes.

     

    Still these commands are not working, not even when connected to the server (with rdp):

     

    Get-WmiObject -List | where { $_.name -match 'avdefinition'}

    -> no result

     

    get-wmiobject -namespace ROOT -list | where { $_.name -match 'fsecure'}
    -> no result

    get-wmiobject -namespace ROOT -list

    -> no fsecure in the list

     

    Get-WmiObject -Namespace root -class __namespace | Select-Object -Property name

    -> no fsecure in the list

     

    I tried all sorts of variations/combinations, but still no result.

     

     

    What am I missing?

    thanks,

    Kris

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    You have enabled WMI on the HOSTs.
    But the topic of this thread is "query policy manager".

     

    Now, what do you want to do?

  • krisvdv
    krisvdv Posts: 31 Security Scout

    I have a list of 250 Windows servers all running the F-Secure client.

    We would like to know which AV Definitions version is installed on those servers.

     

    To use WMI, we need to query the servers directly, not the policy manager I believe?
    (I didn't know this when I posted the original question.)

     

    So subject should be :  powershell/WMI/F-Secure clients

     

    Thanks.

     

     

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    "Get-WmiObject -Namespace "root/fsecure" -Class Antivirus"
    works fine on my end (Not sure if a reboot is needed).

    check here for examples:
    https://help.f-secure.com/product.html#business/psb-portal/latest/de/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-de

    But keep in mind that the ORSP Connectivity status is the more important information.
    IMHO the AvUpdate status of a client is not very useful. The age of the updates compared to the last connection status is more interesting.

    Performing an action on a "meant to be old" status can also be a problem, as systems usually start updating only a few minutes after bootup.

     

  • krisvdv
    krisvdv Posts: 31 Security Scout

    result is :

    Get-WmiObject : Invalid namespace "root/fsecure"

    So the namespace can't be found.


    I have no idea how to start troubleshooting this..

     

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master
    Did you reboot?
    Did you run PS in Admin?
  • krisvdv
    krisvdv Posts: 31 Security Scout

    Running PS with domain admin.

    Reboot the Policy Manager server you mean?

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello krisvdv,

     

    Let's summarize the requirements.

    1. The WMI Provider should be enabled for desired clients in Policy Manager Console, as described earlier.

    2. Windows PowerShell console should be started with administrative rights on the client machine with Client Security 14.10 / Server Security 14.00 / Email and Server Security 14.00 installed.

    3. Commands presented in

    https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_D863946C3247471F948CD82785CC1A3A-psb-portal-latest-en

    are supported. I'd verified

    Get-WmiObject -Namespace "root/fsecure" -Class Product

    command with CS 14.10 and SS 14.00. It works fine.

    If you have any problems, please, contact support. We will need diagnostic information from affected client machine, and screenshot(s) with failed command(s) for investigation.

     

    Best regards,

    Vad

  • krisvdv
    krisvdv Posts: 31 Security Scout

    Annotation 2019-12-24 120628.png

     

    "please, contact support."  -> ok, email or ticket?

  • JamesC
    JamesC Staff, Moderator Posts: 543 W/ Moderator

    Hi Krisvdv

     

    You may create a support request on our website here

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    No, reboot the Client.
    Did you distribute the policy?
    Did the policy arrive on the client?

    Powershell has to be executed ON the Client.
    You are not communicating with the PMS at all!
    Working as (Domain) Administrator does not mean that the PS is launched "as Administrator".
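
The checks discussed in this thread (elevated session, `root/fsecure` namespace present on the client, registry fallback) combined into one local diagnostic. This is an added example, not part of any post and not F-Secure's own code; the function name `Test-FSecureWmi` is hypothetical, and the registry values are dumped as found because the thread does not name them.

```powershell
# Added example: run ON the client, in Windows PowerShell started "as Administrator".
function Test-FSecureWmi {
    $result = [ordered]@{
        Computer        = $env:COMPUTERNAME
        Elevated        = $false
        NamespaceExists = $false
        Product         = $null
        Antivirus       = $null
        RegistryUpdates = @()
    }

    # A domain admin account is not automatically an elevated token: test the token itself.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $result.Elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Is the provider's namespace registered under root? If not, the policy
    # enabling the WMI Provider has not taken effect on this client.
    $ns = Get-WmiObject -Namespace 'root' -Class '__Namespace' -ErrorAction SilentlyContinue |
          Where-Object { $_.Name -eq 'fsecure' }
    $result.NamespaceExists = [bool]$ns

    if ($result.NamespaceExists) {
        # Classes named in the thread; their properties are returned as-is.
        $result.Product   = Get-WmiObject -Namespace 'root/fsecure' -Class Product   -ErrorAction SilentlyContinue
        $result.Antivirus = Get-WmiObject -Namespace 'root/fsecure' -Class Antivirus -ErrorAction SilentlyContinue
    }

    # Registry fallback from the first reply: list every value under the updates
    # key and its subkeys (value names are not assumed).
    $key = 'HKLM:\SOFTWARE\F-Secure\Ultralight\updates'
    if (Test-Path $key) {
        $result.RegistryUpdates = Get-ChildItem -Path $key -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $item = $_
                foreach ($name in $item.GetValueNames()) {
                    [pscustomobject]@{ Key = $item.Name; Value = $name; Data = $item.GetValue($name) }
                }
            }
    }
    [pscustomobject]$result
}

Test-FSecureWmi | Format-List
```

`Elevated = False` or `NamespaceExists = False` in the output points at the two causes raised in the replies: a non-elevated session, or a policy that has not reached the client.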

This discussion has been closed.
