Kaspersky updates

Are Kaspersky Antivirus updates supported by BigFix?

BigFix does not support Kaspersky Antivirus, but you can create a software distribution package to deploy the updates.

reg
suresh

1 Like

Yes, that was the solution I wanted to suggest as well, although this means there will be delays between the release of the update and the actual update being deployed.

If this is an area of interest, I’d suggest filing an RFE to help gauge demand:

Yes, thank you for your suggestion.
This is definitely a more suitable solution.

There are a few options.

You could trigger Kaspersky to check for updates to its virus definitions on a schedule using BigFix, or you could only trigger it if the virus definitions are older than X days.

This is exactly why I created the following: https://bigfix.me/fixlet/details/743

I had the case where clients off network could only contact the central Symantec server while on VPN, so they would have outdated virus definitions, which wasn’t good. The BigFix content I created triggered the update of the Virus Definitions as soon as the VPN connected, which prevented them from getting out of date in the first place.


Another option is that you could use something like AutoPkg to automatically create BigFix content every time Kaspersky updates their definitions, assuming that Kaspersky has a public web accessible feed of their definitions.

I don’t consider doing this by hand to be an option, it must be automated. You could roll a custom solution, but AutoPkg has a lot of nice features built in already to do this, including the ability to make BigFix content with the use of the BESProcessor. The one drawback, and it is potentially a big one, is that AutoPkg only runs on macOS.

Thank you.
We have Windows on clients so AutoPkg is not an option unfortunately - it is still good to know this option.

As for the second (a solution I did not think about), it forces an update on the client by running the command - it is not a solution for our environment but nevertheless good to know for the future.

I think you misunderstand. You only need 1 single Mac somewhere to run AutoPkg to have it automate the creation of Windows BigFix content. It is most definitely an option in a 100% windows environment if you can get at least 1 Mac. AutoPkg creates the content in BigFix, then you deploy it to your Windows devices like normal.

Someday I hope that AutoPkg will run on Mac, Windows, and Linux, but that day is not today, and it will take a while for it to get there, if ever. There is definitely interest in making AutoPkg run cross platform, and I have done a little bit of work to that end, but there is a lot more to do.

The platform that AutoPkg runs on is unrelated to the platform the generated content supports.

1 Like

Thanks for the reply - I meant that we have Windows on all devices on this project and we cannot use outside devices.

I still think you are missing the idea here a little bit. I definitely understand the likelihood of you doing this is very slim to nonexistent, but I still feel the need to explain this for the sake of others.

AutoPkg only runs on a single system and generates the content. You could put it into the root server by hand, or have AutoPkg do it for you.

Once the automation is created and the content is being generated, it really only has to be done once and it could be done anywhere in the world by anyone as long as the results are then made available to you and you then put it into your root server.

There is no connection between the Mac running AutoPkg and the Windows devices you are managing at all. There doesn’t even need to be any connection between AutoPkg and the root server if you are willing to do the content import by hand. AutoPkg is just a way to automatically generate BigFix content. IBM uses other tools to generate the content that they publish in the patching sites. AutoPkg is a way for you to do something similar, but using a publicly available tool.

Most of the content @hansen_m creates is automatically generated by AutoPkg, and there is a lot of it. Most of the content @strawgate creates is automatically generated by some custom PowerShell. A lot of the content I generate is automatically generated using Session Relevance and REST API calls, though I also use AutoPkg, and python scripts.

My point is that there are many different ways to go about automatically generating content, and AutoPkg is one you should definitely consider. Writing your own custom solution is another. You could also base it off of some of the published work by myself or @hansen_m or others.

This answer really applies to any question about IBM adding content to their patching sites. You or others could do it themselves using automation. This isn’t a small task, but I hope that a community could build up around doing this, with published scripts and tools for AutoPkg, Python, PowerShell, Session Relevance, etc…

2 Likes
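An added example, not part of the thread and not taken from AutoPkg or any poster's tooling: a minimal Python sketch of the one step every content generator discussed above has to get right, which is pinning the downloaded file's size and hashes in the BigFix `prefetch` action script statement so clients reject a modified download. The file name, URL and payload bytes are constructed placeholders.

```python
import hashlib
import re

def prefetch_line(name: str, url: str, payload: bytes) -> str:
    """Build a prefetch statement that pins the payload's size, SHA-1 and SHA-256."""
    if re.search(r"\s", name) or re.search(r"\s", url):
        raise ValueError("name and url must not contain whitespace")
    sha1 = hashlib.sha1(payload).hexdigest()
    sha256 = hashlib.sha256(payload).hexdigest()
    return f"prefetch {name} sha1:{sha1} size:{len(payload)} {url} sha256:{sha256}"

# Strict pattern for the form emitted above; anything else is rejected, not guessed at.
_PREFETCH = re.compile(
    r"^prefetch (?P<name>\S+) sha1:(?P<sha1>[0-9a-f]{40}) size:(?P<size>\d+) "
    r"(?P<url>\S+) sha256:(?P<sha256>[0-9a-f]{64})$"
)

def matches_prefetch(line: str, payload: bytes) -> bool:
    """Re-check a file against a generated statement before importing the content."""
    m = _PREFETCH.match(line.strip())
    if m is None:
        raise ValueError("not a prefetch statement in the expected form")
    return (
        len(payload) == int(m["size"])
        and hashlib.sha1(payload).hexdigest() == m["sha1"]
        and hashlib.sha256(payload).hexdigest() == m["sha256"]
    )

# Constructed sample data (placeholder URL, stand-in bytes for a definitions archive).
SAMPLE_URL = "https://downloads.example.invalid/av/definitions-20240101.zip"
SAMPLE_PAYLOAD = b"constructed stand-in for a definitions archive\n"
# Same length as the original, so only the hash comparison can catch the change.
SAMPLE_TAMPERED = SAMPLE_PAYLOAD.replace(b"stand-in", b"stand-1n")

def demo():
    line = prefetch_line("definitions.zip", SAMPLE_URL, SAMPLE_PAYLOAD)
    return (
        line,
        matches_prefetch(line, SAMPLE_PAYLOAD),
        matches_prefetch(line, SAMPLE_TAMPERED),
    )

if __name__ == "__main__":
    statement, ok, tampered_ok = demo()
    print(statement)
    print("original matches:", ok, "| tampered matches:", tampered_ok)
```

Running the re-check at import time matters most when the generator runs on a separate machine and the content is carried to the root server by hand, as described above.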

I’m not sure if the virus definitions are in here or not, but this seems to have links to the downloads for many things: http://products.kaspersky-labs.com/

Specifically there seems to be some sort of updater utility here: http://products.kaspersky-labs.com/english/special/kasp_updater/

Reference: http://support.kaspersky.com/6356

1 Like

Hi,

Thank you for further explaining this.
I understood from the start and I would like to have the time to try and work with the suggested solutions but this is rather a small project and this is really out of scope on this specific one.

If I am able to obtain a device with macOS I will try to do something like this in our test environment.
If not, I might give it a try through scripting.

Thank you again, I might come back with questions :)

1 Like

I definitely get that, but the real shame is that there are many small projects or groups that would benefit from having the automation. It is really hard to put together all of those that would get a benefit on a small scale added together into the actual benefit it would be in whole to work together and make a solution happen. It usually requires someone to take the burden upon themselves for the benefit of everyone else that is willing to publish the solution and make it available to really make the full impact such a solution would provide.

Hi,

I managed to get a hold of a Mac OS device.
I installed AutoPkg, Git, AutoPkgr and BESEngine (last one using @hansen_m recipes) - https://github.com/CLCMacTeam/AutoPkgBESEngine/blob/e6d4720ea1f6be7c5cf8b28f6fb23d6485356edf/README.md

Are there any examples of recipes already created for BigFix that are publicly available, or are there any KBs I can start reading that might help me?

Thank you!

I don’t have any public BigFix recipes yet, just because they contain org specific stuff that I haven’t had time to engineer out of them. I’ve also kind of been waiting for other people to be interested in collaborating on them so I could get some outside input.

Are you on the BigFix Slack group?

No, I am not.
Just created an account though.

I’m definitely interested.