(imported topic written by mcgougm91)
So…
The company that I’m at has a requirement to install BigFix on their XP desktop image and they want the AV client installed and configured on the image as well…but not by enabling a policy in BigFix. Instead they want the image to be using the Computer Associates AV stand alone install and magically have it link back to BigFix for logging / reporting when a virus is detected on a client.
We have the Computer Associates client and it installs just fine and the realtime and scheduled scans work perfectly. Unfortunately, BigFix is not aware of the scan results from the clients that are installed using this method. Because really we should be installing AV via a BigFix policy. But that is not what the customer wants. I don’t make the rules, I just try to follow them. =)
I’ve been through the action script in the BigFix task that installs the AV client and am trying to pick out the parts that are needed to link the stand alone AV client back to BigFix. The BESLoggingService needs to be invoked and the services need to be restarted. Is there more that I need to do? I do know there are these registry keys as well, which aren’t created with the stand alone install:
HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\LoggingService\Plugins\Locations
@=""
“CA_AV”=“C:\Program Files\BigFix Enterprise\BES Client\BESClientLoggingService\lib\antivirus.dll”
and here is a key and set of values created after a scan has been run (this was created by a client that got AV installed via BigFix policy)
HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\AntiVirus
“InstallationDate”=“Tue, 10 Mar 2009 08:48:48 -0700”
“FilesScanned”=“0”
“VirusesFound”=“0”
“VirusesFoundTotal”=“0”
“InfectedFilesFound”=“0”
“Path”=“C:\Program Files\BigFix Enterprise\BES Client\BESClientLoggingService\AV”
“ErrorFiles”=“0”
“ScanParameters”="-MEM -ENG Vet -MOD Secure -ACT Cure -SCA RF -MCA RI -ARC -SFI -ARF -SYS -EXE "
“LastSigUpdate”=“Thu, 23 Apr 2009 12:22:03 -0700”
“ScanDirectories”=""
“FirstScan”=“Tue, 03 Feb 2009 20:09:57 -0800”
“ScanCount”=“8”
“LastScan”=“Tue, 24 Mar 2009 12:00:54 -0700”
“RenamedFiles”=“0”
“CuredFiles”=“0”
“CuredFilesTotal”=“0”
“MovedFiles”=“0”
“DeletedFiles”=“0”
“LastScanDuration”=“00:09:29”
“AvgScanDuration”=“00:09:29”
“SDKPath”=“C:\Program Files\BigFix Enterprise\BES Client\BESClientLoggingService\lib”
HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\AntiVirus\Statistics
HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\AntiVirus\Statistics\OverallRunStats
“RTTotalVirusesBlocked”=“49”
Any ideas about how I can script the Computer Associates AV install so that it simulates an install via BigFix policy? Thank you in advance for patiently reading through this post and not replying that I should hit the customer over the head with the “use the BigFix task” frying pan.