Problem Software to detect AV + FW status of domain machines/Servers

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi Guys,
I'm looking for an application to help me determine the AV and FW status of domain machines/Servers, I have used something previously although i cant remember what it was, I'm not sure whether there is any of this functionality in NMap or MBSA.

Any info would be appreciated!

 

Great thinking Sparky, i dont need to report on whether they have a Fw on their client machine if i enforce this using a GPO, I have now done this! Thanks

I just had a brief look into NAP and it looks a little tricky and possibly not necessary for this small requirement, surely there is a simpler way of determining client AV programs that have been locally installed, i think we have AVG Free and MS Security Essentials for all users.

Kind regards,
Asterix

 

Depends on what your using, many enterprise and SME packages have network admin tools available.

Otherwise, you could look at Spiceworks

 

Or just run a simple Powershell script

 

I did look into this option before, but i have no experience of powershell and from previous investigation i didn't see anything too "simple" about Powershell.

Does anyone have any examples of simple Powershell scripts i could modify, and how i would use the script to obtain the required information?

Kind regards,
Asterix

 

You can use it to query WMI loads of stuff online and books on Amazon

 

The easiest way(since you know the AV that should be installed on your clients) would be to just check for the service

Code:

Get-Service -DisplayName "*comodo*"

or check the Security Center

Code:

$computername=$env:computername
$AV = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct  -ComputerName $computername

$AV.DisplayName

 

I knew it was gonna be a little out of my scope but your simple breakdown raises so many questions I don't know where to start.
:S

 

What about Forefront Endpoint Protection? It's the business version of MS Security Essentials and can, as far as I'm aware, be centrally managed.

I remember reading somewhere that certain licensing agreements allow you to install this for free? Microsoft licensing is hardly straight forward, so you'll have to seek clarification on this!

There's also Windows Intune (PC Management and Security Software in the Cloud - Windows Intune). I've read a whitepaper on it, but have never seen it deployed.

Alternatively, most Anti-Virus software comes with a tool that can be installed on the servers which allows you to push out updates, check client status etc.

 

Well i did look at some of the more enterprise AV solutions and for a company of 10 (handy ay it enables us to use MS Security essentials without breaching licencing), but we are mostly external sales and technical guys and there is nobody to deal with the day to day config, who would be tasked with anything centrally managed, therefore we are really looking for a standalone AV soloution, and a method of ensuring/detecting this is on all company Laptops.

 

Spiceworks, "The software discovers Windows, Unix, Linux and Mac OS X machines along with other IP-addressable devices such as routers, VOIP phones, printers, etc."

We have used it at work before, and from memory, you can see which AV is installed/running - versions, how up-to-date they are as well.

 

I thought Spicework was call logging software, Ill have to check it out!

Kind regards,
Asterix

 

Yes, it has quite a few features, Helpdesk, Inventory, Network Scanner. It has a series of plugins/addons for it to, one being the Monitoring Software.

 

Thanks for the info, although it may be a little bit heavy weight for this requirement!

 

What questions do you have on the powershell example, at the end of the day all you had to do was paste it into a PS console and it would have displayed the AV name

View attachment 2538

I can finish it off so it either adds the Computer Name and AV info to a file or even email it to you

 

+1 for Spiceworks, although we dont use it for this purpose it is useful for auditing PCs as well as the call logging and so on, plus its free

You can get it to email reports on a frequent basis as well so you can keep up to date