AntiVirus Protection

Version 1

    This template allows you to monitor the status of popular AntiVirus products installed on the target machine.


    Prerequisites: WinRM must be installed and properly configured on the target server, and WMI access to the target server is required.

    Credentials: Administrator on target server.

    Note: This template can monitor the following AntiVirus products and versions:
    -- AVG 2012-2015
    -- Avira 10-14
    -- ESET NOD32 4-8
    -- Kaspersky Endpoint Security 8,10
    -- Kaspersky Small Office Security 13
    -- Kaspersky Antivirus 9,12-15
    -- Kaspersky Internet Security 9,12-15
    -- McAfee AntiVirus Plus 2012-2014
    -- McAfee Endpoint Security Platform 10
    -- Microsoft Security Essentials
    -- Microsoft Forefront Security Client
    -- Symantec Small Business Endpoint Protection 12
    -- Symantec Endpoint Protection 11-12
    -- Total Defence Internet Security Suite 2012
    -- Total Defence Anti-Virus 2012
    -- Trend Micro OfficeScan 11
    -- Trend Micro Worry-Free Business Security 7-9
    -- Vipre AntiVirus 2015
    -- Vipre Business Agent 7
    -- Webroot SecureAnywhere Endpoint Protection 7
    -- F-Secure AntiVirus 14
    -- F-Secure Internet Security 14
    -- Microsoft Windows Defender


    Component Monitors

    AntiVirus Protection

         This monitor determines which AntiVirus product is installed on the target machine. If the correct product is found, a script returns the following information:

         Product – This component determines whether the correct product is found (1) or not (0). When the product is found, the script returns the AntiVirus name and version in the message field.

         Updates – This component returns the number of days that have passed since antivirus definitions have been updated.

         Protection – This component determines whether AntiVirus protection is enabled (1) or not (0).


    Configuring Windows Remote Management (WinRM)

    1. If you have not already done so, install PowerShell 2.0 and WinRM on the SAM and target servers. PowerShell 2.0 can be found here: http://support.microsoft.com/kb/968930.
    2. On the SAM server, open a command prompt as an administrator. To do this, perform the following step:
       • Go to the Start menu, right-click cmd.exe, and then select Run as Administrator.
    3. Enter the following in the command prompt:
             winrm quickconfig
             winrm set winrm/config/client @{TrustedHosts="*"}
    4. On the target server, open a command prompt as an Administrator and enter the following:
             winrm quickconfig
             winrm set winrm/config/client @{TrustedHosts="IP_ADDRESS"}

    where IP_ADDRESS is the IP address of your SAM server.
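
    TrustedHosts lists the remote hosts the WinRM client will connect to without mutual authentication, so "*" lets the SAM server send credentials to any host. The following added example (not part of the template or of the product) audits the value set in step 3 and, when it is a wildcard, replaces it with an explicit list; the target host names are constructed placeholders and the function name is hypothetical.

```powershell
# Added example: audit and narrow the WinRM client TrustedHosts value.
# Run in an elevated PowerShell prompt on the SAM server after
# "winrm quickconfig". Uses the built-in WSMan: provider (PowerShell 2.0+).

function Get-TrustedHostsFinding {
    param([string]$Value)
    # Split the comma-separated list and drop empty entries.
    $entries = @($Value -split ',' |
                 ForEach-Object { $_.Trim() } |
                 Where-Object   { $_ })
    if ($entries.Count -eq 0) { return 'Empty' }
    # Any entry containing "*" (for example "*" or "*.example.com")
    # matches hosts the administrator never listed explicitly.
    if (@($entries | Where-Object { $_ -match '\*' }).Count -gt 0) {
        return 'Wildcard'
    }
    return 'Explicit'
}

$path    = 'WSMan:\localhost\Client\TrustedHosts'
$current = (Get-Item $path).Value
$finding = Get-TrustedHostsFinding -Value $current
Write-Output ("Current TrustedHosts: '{0}' -> {1}" -f $current, $finding)

# Constructed placeholders: replace with the servers this SAM instance monitors.
$monitoredTargets = @('target01.example.com', '192.0.2.10')

if ($finding -eq 'Wildcard') {
    # Overwrite the wildcard with the explicit list of monitored servers.
    Set-Item $path -Value ($monitoredTargets -join ',') -Force
    $updated = (Get-Item $path).Value
    Write-Output ("TrustedHosts narrowed to: '{0}'" -f $updated)
}
elseif ($finding -eq 'Explicit') {
    # Report entries that are not in the expected list so they can be reviewed.
    $current -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object   { $monitoredTargets -notcontains $_ } |
        ForEach-Object { Write-Output ("Unexpected TrustedHosts entry: {0}" -f $_) }
}
```

    Each monitored server added later must also be appended to the list, otherwise WinRM connections to it from the SAM server are refused by the client.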



    Last updated 2/26/2015