Hello,
does anyone have an idea how to check the pattern-version of TrendMicro WFBS? It would really help us a lot to get a warning if one of the servers has an expired pattern-file. If we could check this with HostMonitor we would no longer need the TrendMicro Dashboard.
Thanks for any hint,
Thomas
Check TrendMicro Pattern-Version
-
thomas.mueller@envers.de
- Posts: 34
- Joined: Mon Oct 26, 2009 2:55 pm
- Location: Duisburg, GERMANY
Sorry, we cannot find such information. Looks like agent sends such information (version) to server and server in turn can send some notifications to 3rd party applications (like HostMonitor) using SNMP Trap messages; also server may record various events into NT Event Log.
But we did not find information is it possible to provide pattern-version information using these notifications.
I think you should ask TrendMicro support team is it possible to provide such information to 3rd party software using some acknowledged protocols like SNMP, Event Log, WMI.
Regards
Alex
But we did not find information is it possible to provide pattern-version information using these notifications.
I think you should ask TrendMicro support team is it possible to provide such information to 3rd party software using some acknowledged protocols like SNMP, Event Log, WMI.
Regards
Alex
-
thomas.mueller@envers.de
- Posts: 34
- Joined: Mon Oct 26, 2009 2:55 pm
- Location: Duisburg, GERMANY
No, not yet. We are still thinking about that problem. I found out that I can obtain the number of the current pattern from ftp://ftp:/download.trendmicro.com/prod ... atsnew.txt But I still have no idea of how to compare that version-number with the filename of the pattern-file in the Trendmicro Installation-folder.
You can readout WMI-Infos on the Clients.
We have two Tests implemented on all machines:
WMI-Namespace: root\SecurityCenter
Query: select onAccessScanningEnabled from AntiVirusProduct
WMI-Namespace: root\SecurityCenter
Query: select productUptoDate from AntiVirusProduct
On the the Dashboard you can define the Days after the Query "select productUptoDate from AntiVirusProduct" becomes False. We are Using 2 days.
We have two Tests implemented on all machines:
WMI-Namespace: root\SecurityCenter
Query: select onAccessScanningEnabled from AntiVirusProduct
WMI-Namespace: root\SecurityCenter
Query: select productUptoDate from AntiVirusProduct
On the the Dashboard you can define the Days after the Query "select productUptoDate from AntiVirusProduct" becomes False. We are Using 2 days.
-
thomas.mueller@envers.de
- Posts: 34
- Joined: Mon Oct 26, 2009 2:55 pm
- Location: Duisburg, GERMANY
@andreas
WMI was one of my first ideas, too. I have been exploring it a lot. In fact I am a bloody beginner with WMI - didnt even realize there are different name spaces to choose from. So thank you for helping me with this
The bad news is: I cant find a name space called "SecurityCenter". I guess it depends on the OS version that I want to monitor. I need to check Windows Server 2003.
Could you give me another hint on how to go on?
Thanks!
WMI was one of my first ideas, too. I have been exploring it a lot. In fact I am a bloody beginner with WMI - didnt even realize there are different name spaces to choose from. So thank you for helping me with this
The bad news is: I cant find a name space called "SecurityCenter". I guess it depends on the OS version that I want to monitor. I need to check Windows Server 2003.
Could you give me another hint on how to go on?
Thanks!