Windows Update/Virus Definitions

All questions related to installations, configurations and maintenance of Advanced Host Monitor (including additional tools such as RMA for Windows, RMA Manager, Web Service, RCC).
siesenhauer
Posts: 1
Joined: Wed Dec 01, 2004 4:21 pm

Windows Update/Virus Definitions

Post by siesenhauer »

I was wondering if anyone knew how I could monitor how up to date virus definition files (mainly for Norton products, but any information is good) are and how up to date a computer's Windows updates are with SNMP or some other method in Advanced Host Monitor. Thanks
KS-Soft
Posts: 12821
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

5 posts with the same question? Imagine what happens if everybody does the same.
siesenhauer wrote: I was wondering if anyone knew how I could monitor how up to date virus definition files (mainly for Norton products, but any information is good)
Do you want to monitor how old the files are? Or do you want to know whether new updates for Norton Antivirus are available?

In the 1st case you may use the "Folder/File Availability" test method. It can start alerts when a file is older than ...

In the 2nd case you may use the HTTP or URL test method to monitor the Symantec web site and start an alert when the content of the page is changed.
I think you need to monitor this page: http://securityresponse.symantec.com/av ... nload.html
Use the "Check CRC" and "Recalculate CRC when page content changes detected" options of the test.
siesenhauer wrote: and how up to date a computer's Windows updates
Sorry, I don't know a good method.

Regards
Alex
Arilexed
Posts: 26
Joined: Mon Dec 06, 2004 1:39 am
Location: The Lowlands

Post by Arilexed »

Alex,

I think I need a mix of your two solutions. Which means I need to check if my installed virus definitions are the same as the ones Symantec released last.

Example: My virus definitions are currently from 17-01-2005. If I check http://securityresponse.symantec.com/av ... nload.html I see that the latest released virus definitions are from 20-01-2005. So I need a test that would give me, in this case, the result "bad".

Gimme gimme gimme :)
KS-Soft
Posts: 12821
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

I am afraid HostMonitor cannot do that. You need some custom made script...

Regards
Alex
Arilexed
Posts: 26
Joined: Mon Dec 06, 2004 1:39 am
Location: The Lowlands

Post by Arilexed »

KS-Soft wrote: I am afraid HostMonitor cannot do that. You need some custom made script...

Regards
Alex
Okay... so give me a custom made hm-script :P lol

But I can't be the first one wanting to check the virus definitions with HM. Anyone got some bright ideas?
KS-Soft
Posts: 12821
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

I assume you want to check Norton databases on remote systems because the antivirus on the local system can be configured for auto updates... Right?
So, probably you can check how obsolete the database on remote systems is relative to the database on your system? I think this script will be much simpler. Actually HostMonitor supports a "Compare files" test that probably may perform such a check.

Creating a script to check the date on some web page is not very useful; I think Symantec may change the format of that page at any time. Most likely the Symantec web site processes some special requests to provide that information to Norton Antivirus, but I don't have information about the format of this request/response. Do you?

Regards
Alex
Wooltown
Posts: 115
Joined: Wed May 22, 2002 6:00 pm
Location: Sweden

Post by Wooltown »

A suggestion is to use AutoIt, from http://www.autoitscript.com/. With AutoIt, you can start/stop programs, read the content of a window and write as well.

AutoIt has one limitation: you cannot have a screen saver, because it can only read and write the active window, but if your monitoring PC is in a locked room, there is no worry.


Regards
Sven
Arilexed
Posts: 26
Joined: Mon Dec 06, 2004 1:39 am
Location: The Lowlands

Post by Arilexed »

Okay, I think I'm trying to create a fully automated script for checking the definitions on (remote) systems.

I think it's gonna be something like:
Step 1. Setting up test1 "Receiving notification that new virus definitions have been released by Symantec (Status "Bad" e.g. action has to be taken)";
Step 2. Test1 depends on test2 "Only return status "Bad" if installed virus definitions are older than the current released virus definitions".

This way, whenever the virus definitions are older than the latest released virus definitions the test will give a "Bad" result.

If anyone has some bright input how above goal could be reached... Also, any thinking-out-of-the-box remarks are appreciated.

Regards, Arend
KS-Soft
Posts: 12821
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

Arilexed wrote: Step 1. Setting up test1 "Receiving notification that new virus definitions have been released by Symantec (Status "Bad" e.g. action has to be taken)";
If Symantec changes this web page (http://securityresponse.symantec.com/av ... nload.html) every time it releases a new database, you may use the URL or HTTP test method with the "Check CRC" and "Recalculate CRC when page content changes detected" options.
Arilexed wrote: Step 2. Test1 depends on test2 "Only return status "Bad" if installed virus definitions are older than the current released virus definitions".
The File/Folder Availability test method allows you to check how old some files are.

Regards
Alex
kkern
Posts: 4
Joined: Mon Jun 16, 2003 6:00 pm

Testing for Windows Update

Post by kkern »

I didn't see anyone mention a solution for the Windows Update test, but here is what I do:

I have each server set up to download and notify me when an update is available. I have a process test watch for the following:

Alert when more than 0 "wuauclt" are running.

From what I have figured out, the little globe/Windows Update icon by the system tray comes from the wuauclt process. So if this process is running, 99 chances out of 100, there is an update to install. I can always tell when Patch Tuesday arrives .. all my servers go red.

I did notice one time this test went red, then back to OK. I'm guessing it was the wuauclt processing Microsoft's web site and finding nothing.

I also have a test to flag if I run the updates, but forget to reboot it.

Hope this helps ...
Keith
plambrecht
Posts: 151
Joined: Wed May 19, 2004 8:11 am
Location: Belgium

Post by plambrecht »

To check the nbr of WU waiting, check this file:
C:\Program Files\WindowsUpdate\catalog.xml
It's an XML file with the nbr of updates on the first line (ITEMCOUNT=).
A little VBScript can read that value.

Greetz

P.
KS-Soft
Posts: 12821
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

Thank you guys. I think this information can be useful for many people

Regards
Alex
vidyagana
Posts: 106
Joined: Fri Mar 25, 2005 10:35 am

Post by vidyagana »

Hi,

I have Symantec antivirus installed on my system. The system I am monitoring has the antivirus client installed on it and it has updates being pushed from another machine. How will I monitor if the virus definitions are up to date on the client?

Thanks.
vidyagana
Posts: 106
Joined: Fri Mar 25, 2005 10:35 am

Post by vidyagana »

Hi,

This is in regard to a response to this post earlier from "plambrecht" about getting the number of Windows updates from the file catalog.xml, from the node ITEMCOUNT. I am new to VBScript and I was wondering if anyone has a sample VBScript to read that value.

Thanks for your help.
KS-Soft
Posts: 12821
Joined: Wed Apr 03, 2002 6:00 pm
Location: USA

Post by KS-Soft »

You may use the XMLDOM class to work with an XML document. I hope the following article will be useful:
http://msdn.microsoft.com/library/defau ... ginner.asp

Regards
Alex
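
Added example, not part of the original thread and not KS-Soft's or any poster's code: a VBScript that reads ITEMCOUNT from the catalog.xml file plambrecht mentions, using the XML DOM as suggested above. It assumes ITEMCOUNT is an attribute of the root element; the script name, the exit codes and the MSXML 6.0 ProgID are choices made for this example.

```vbscript
' Added example: report the number of waiting Windows updates from catalog.xml.
' Assumption: ITEMCOUNT is an attribute of the root element, e.g. a first
' line like <CATALOG ITEMCOUNT="3"> (constructed sample, element name unknown).
' Run with: cscript //nologo wucount.vbs ["path\to\catalog.xml"]
Option Explicit

Const DEFAULT_PATH = "C:\Program Files\WindowsUpdate\catalog.xml"
Const EXIT_OK = 0, EXIT_PENDING = 1, EXIT_UNKNOWN = 2   ' hypothetical exit codes

Function ReadItemCount(path)
    ' Returns ITEMCOUNT as a Long, or -1 when the value cannot be trusted.
    Dim doc, raw, re
    ReadItemCount = -1
    Set doc = CreateObject("MSXML2.DOMDocument.6.0")
    doc.async = False              ' finish loading before we read anything
    doc.validateOnParse = False    ' we only need one attribute, not validation
    doc.resolveExternals = False   ' never fetch external DTDs or entities
    If Not doc.load(path) Then Exit Function         ' missing file or bad XML
    If doc.documentElement Is Nothing Then Exit Function
    raw = doc.documentElement.getAttribute("ITEMCOUNT")
    If IsNull(raw) Then Exit Function                ' attribute not present
    Set re = New RegExp
    re.Pattern = "^\d{1,6}$"       ' plain non-negative integer only
    If Not re.Test(raw) Then Exit Function
    ReadItemCount = CLng(raw)
End Function

Dim path, count
path = DEFAULT_PATH
If WScript.Arguments.Count > 0 Then path = WScript.Arguments(0)
count = ReadItemCount(path)

' An unreadable file is reported separately so it is never mistaken
' for "no updates waiting".
If count < 0 Then
    WScript.Echo "UNKNOWN: cannot read ITEMCOUNT from " & path
    WScript.Quit EXIT_UNKNOWN
ElseIf count > 0 Then
    WScript.Echo "BAD: " & count & " update(s) waiting"
    WScript.Quit EXIT_PENDING
Else
    WScript.Echo "OK: no updates waiting"
    WScript.Quit EXIT_OK
End If
```

Keeping the "unknown" result distinct from "OK" matters for patch monitoring: a host where the file is missing or unparsable should raise attention rather than show as fully updated.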