View previous topic :: View next topic |
Author |
Message |
siesenhauer
Joined: 01 Dec 2004 Posts: 1
|
Posted: Wed Dec 01, 2004 4:29 pm Post subject: Windows Update/Virus Definitions |
|
|
I was wondering if anyone knew how I could monitor how up to date virus definition files (mainly for norton products, but any information is good) are and how up to date a computers windows updates are with snmp or some other method in Advanced Host Monitor. Thanks |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Wed Dec 01, 2004 5:18 pm Post subject: |
|
|
5 posts with the same question? Imagine what happens if everybody will do the same
Quote: | I was wondering if anyone knew how I could monitor how up to date virus definition files (mainly for norton products, but any information is good) |
You want to monitor how old files are? Or you want to know is there new updates for Norton Antivirus available?
In 1st case you may use "Folder/File Availability" test method. It can start alerts when file is older than ...
In 2nd case you may use HTTP or URL test method to monitor Symantec web site and start alert when content of the page is changed.
I think you need to monitor this page: http://securityresponse.symantec.com/avcenter/download.html
Use "Check CRC" and "Recalculate CRC when page content changes detected" options of the test.
Quote: | and how up to date a computers windows updates |
Sorry, don't know good method.
Regards
Alex |
|
Back to top |
|
|
Arilexed
Joined: 06 Dec 2004 Posts: 26 Location: The Lowlands
|
Posted: Fri Jan 21, 2005 2:50 am Post subject: |
|
|
Alex,
I think I need an mix of your two solutions. Which means I need to check if my installed virus definitions are the same as the one symantec released as last.
Example: My virus definitions are currently from 17-01-2005. If I check http://securityresponse.symantec.com/avcenter/download.html I see that the latest released virus definitions are from 20-01-2005. So I need a test that would give me, in this case, the result "bad".
Gimme gimme gimme |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Fri Jan 21, 2005 6:44 pm Post subject: |
|
|
I am afraid HostMonitor cannot do that. You need some custom made script...
Regards
Alex |
|
Back to top |
|
|
Arilexed
Joined: 06 Dec 2004 Posts: 26 Location: The Lowlands
|
Posted: Sat Jan 22, 2005 7:36 pm Post subject: |
|
|
KS-Soft wrote: | I am afraid HostMonitor cannot do that. You need some custom made script...
Regards
Alex |
Okay... so give me a custom made hm-script lol
But I can't be the first one wanting to check the virusdefinitions with HM. Anyone got some bright ideas? |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Sat Jan 22, 2005 10:46 pm Post subject: |
|
|
I assume you want to check Norton databases on remote systems because antivirus on local system can be configured for auto updates... Right?
So, probably you can check how obsolete database on remote systems relatively to database on your system? I think this script will be much more simply. Actually HostMonitor supports "Compare files" test that probably may perform such check.
Create script to check date on some web page is not very usefull, I think Symantec may change format of that page at any time. Most likely symantec web site processes some special requests to provide that information to Norton Antivirus but I don't have information about format of this request/responce. Do you?
Regards
Alex |
|
Back to top |
|
|
Wooltown
Joined: 22 May 2002 Posts: 115 Location: Sweden
|
Posted: Mon Jan 24, 2005 1:36 am Post subject: |
|
|
A suggestion is to use AutoIT, from http://www.autoitscript.com/ , with AutoIT, you can start/stop programs read the content of a window and write as well.
AutoIt has one limitation, you cannot have a screen saver, becuase it can only read and write the active window, but if your monitoring PC is in a locked room, there is no worry.
Regards
Sven |
|
Back to top |
|
|
Arilexed
Joined: 06 Dec 2004 Posts: 26 Location: The Lowlands
|
Posted: Mon Jan 24, 2005 8:09 pm Post subject: |
|
|
Okay, I think I'm trying to create an fully automated script for checking the definitions on (remote) systems.
I think it's gonna be something like:
Step 1. Setting up test1 "Receiving notification that new virusdefinitions have been released by Symantec (Status "Bad" e.g. action has to be taken)";
Step 2. Test1 depends on test2 "Only return status "Bad" if installed virusdefinitions are older than the current released virusdefinitions.
This way, whenever the virusdefinitions are older than the latest released virusdefinitions the test will give a "Bad" result.
If anyone has some bright input how above goal could be reached... Also, any thinking-out-of-the-box remarks are appreciated.
Regards, Arend |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Wed Jan 26, 2005 4:58 pm Post subject: |
|
|
Quote: | Step 1. Setting up test1 "Receiving notification that new virusdefinitions have been released by Symantec (Status "Bad" e.g. action has to be taken)"; |
If Symantec changes this web page (http://securityresponse.symantec.com/avcenter/download.html) every time it releases new database, you may use URL or HTTP test method with "Check CRC" and "Recalculate CRC when page content changes detected" options
Quote: | Step 2. Test1 depends on test2 "Only return status "Bad" if installed virusdefinitions are older than the current released virusdefinitions. |
File/Folder Availability test method allows you to check how old some files are.
Regards
Alex |
|
Back to top |
|
|
kkern
Joined: 16 Jun 2003 Posts: 4
|
Posted: Tue Jun 07, 2005 3:00 pm Post subject: Testing for Windows Update |
|
|
I didn't see anyone mention a solution for the Windows Update test, but here is what I do:
I have each server set up to download and notify me when an update is available. I have a process test watch for the following:
Alert when more than 0 "wuauclt" are running.
From what I have figured out, the little globe/Windows Update icon by the system tray comes from the wuauclt process. So if this process is running, 99 chances out of 100, there is an update to install. I can always tell when Patch Tuesday arrives .. all my servers go red.
I did notice one time this test went red, then back to OK. I'm guessing it was the wuauclt processing Microsoft's web site and finding nothing.
I also have a test to flag if I run the updates, but forget to reboot it.
Hope this helps ...
Keith |
|
Back to top |
|
|
plambrecht
Joined: 19 May 2004 Posts: 151 Location: Belgium
|
Posted: Tue Jun 07, 2005 3:29 pm Post subject: |
|
|
To check the nbr of WU waiting, check this file:
C:\Program Files\WindowsUpdate\catalog.xml
it's an XML file with the nbr of updates on the first line (ITEMCOUNT=)
A little vbscript can read that value..
Greetz
P. |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Wed Jun 08, 2005 8:36 am Post subject: |
|
|
Thank you guys. I think this information can be useful for many people
Regards
Alex |
|
Back to top |
|
|
vidyagana
Joined: 25 Mar 2005 Posts: 106
|
Posted: Wed Jun 08, 2005 10:08 am Post subject: |
|
|
Hi,
I have symantec anti virus installed on my system. The system I am monitoring has antivirus client installed on it and it has updates being pushed from another machine. How will I monitor if the virus definitions are up to date on the client?
Thanks. |
|
Back to top |
|
|
vidyagana
Joined: 25 Mar 2005 Posts: 106
|
Posted: Mon Jul 11, 2005 8:20 am Post subject: |
|
|
Hi,
This is in regard to a response for this post earlier from "plambrecht" about getting the number of windows updates from a file catalog.xml from the node ITEMCOUNT. I am new to VBScript and I was wondering if anyone has a sample VBScript to read that value.
Thanks for your help. |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
|
Back to top |
|
|
|