Monitor PSB
We have been using a monitoring system (CentraStage) for all our managed desktops and servers. One of the things it does is generate a ticket if a desktop has an AV problem, e.g. is out of date, not installed, disabled etc. This all happens via an agent which uses the Windows Security Centre. That's great for desktops, but WSC does not exist on servers.
Now you can write your own monitors and there are loads in the community for most AV but not F-Secure. We obviously use the PSB portal, but ideally we would also like it in our monitoring system, which is much more proactive.
So how can I get the status of a server's F-Secure:
- It is installed (OK I can manage that one)
- It is Active
- Up to date
In a custom monitor we can use: DOS cmd, VBScript, JavaScript, PowerShell, Python and maybe a couple of others. So that means I have access to web services, registry, WMI, file system etc.
What can I check for / against to give me the info above, and if there are multiple, what is the most robust?
Regards
Piers
Comments
-
Hello Piers,
The PSB portal should provide a pretty comprehensive overview of what you want to monitor.
However, if you want an alternative way to monitor if the product is active, checking that F-Secure services are running would be the way to go.
Concerning the virus definition updates, please refer to this thread.
6 -
Thanks, I had seen that but I was looking for alternatives, but I think that will work. I got a bit distracted by the SNMP bit and started to try to use the RMM SNMP monitor to retrieve the value. Out of interest, is there a port and a community string for this OID?
Anyway, I have written (well, started to write) a batch file which does the job using the info from that post.
Thanks again
Piers
0 -
I am not sure I understand what you mean by "is there a Port and a Community string for this OID?".
Could you explain what you are referring to?
0 -
Hi Ben,
In the post it uses "POLUTIL.EXE g 1.3.6.1.4.1.2213.12.2.140" to get the status.
1.3.6.1.4.1.2213.12.2.140 is an OID, which is an SNMP Object ID that holds a value (or string etc.), normally retrieved with an SNMP monitor tool. To use a monitoring tool you normally give it the IP address, port (if nonstandard), and a community string (a passphrase, if you like). It seems that POLUTIL is just retrieving the OID from the local machine, which potentially could be done very natively with a monitoring system, but you would need the community string (and port if custom).
Piers
0