Overviews - Client Manager For AntiVirus Overview

(imported topic written by SystemAdmin)

Can this example report be upgraded to detect etrust av 8.x aka CA Antivirus or etrust ITM 8?

(imported comment written by jessewk)

The overview does support eTrust AV versions 6 thru 8.

Under the eTrust section you should two separate analyses. One for 6.0/7.x and one for 8.x. Perhaps you need to activate the 8.x version?

(imported comment written by SystemAdmin)

We have the 8 version activated and the 6/7 version deactivated. We are also recieving back the correct results from that analysis, with the exception of 64 bit clients (relevance is using ‘registry’ vs ‘native registry’) which is a different issue. But the report shows just 1 agent deployed. I attached a screen cap.

(imported comment written by jessewk)

Hi John,

I did some investigation and I was incorrect. There are still a couple of things that need to be done to get the dashboard updated to include eTrust 8.x stats. I’ve already made a few of the changes and the others are underway. At this point it’s mostly testing left so I’m hoping to get the update out

real soon now

.

Jesse

(imported comment written by SystemAdmin)

Thanks so much. We’re looking forward to seeing the update!

(imported comment written by jessewk)

The updates were published yesterday. Please let us know how if it’s working for you and if you notice any issues.

(imported comment written by SystemAdmin)

Thank you, this is working now. I sent you an email detailing how 64 bit clients are not working because the relevance does not work for the 64 bit clients. But the Overview is working for CA Threat Management version 8, 32 bit clients.

(imported comment written by jessewk)

The updates necessary to support eTrust 8.x 64bit version were published a few days ago.

You’ll find the following content is new or updated in the Client Manager for AV site:

ID 50: eTrust Anti-Virus Client Information - 8.x

ID 81: AUDIT: Outdated eTrust Antivirus 8.x Definitions Detected - Windows XP/2003 (x64)

ID 82: eTrust Antivirus 8.x Not Running - Windows XP/2003 (x64)

ID 83: DEPLOYMENT: Anti-Virus Software Not Installed - Windows XP/2003/Vista (x64)

In addition the overview dashboard has been updated to reflect the information gathered via the above content.

We’ll also gradually be adding support for more vendors to Fixlet ID 83 to make it similar to the x86 “No AV” fixlet (ID 5).

Please let us know if you notice anything strange.

-Jesse

(imported comment written by SystemAdmin)

Everything looks good. Thank you.

Any chance the PestPatrol / Integrated Threat Management verion will be supported any time soon?

(imported comment written by SystemAdmin)

Bringing back this thread from the dead…

One new question, one old.

New: Can an additional property be put into the eTrust Anti-Virus Client Information - 8.x Analysis? We created a custom version but that had two negatives. First, it produces two results in every client. Second, it does not show up in the Client Manager for AntiVirus Overview Dashboard.

Here is the property:

eTrust ITM Client Version

if (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion” of native registry) then (value “Version” of key “HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion” of native registry as string) else “N/A”

Old: Any chance the PestPatrol / Integrated Threat Management verion will be supported any time soon? Something like this:

eTrust ITM: Pest Patrol Signature Version

if (exists (value “Engine” of key “HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ScanEngine\Path” of native registry as folder) whose (exists file “ppinfo.dat” of it)) then (modification time of file “ppinfo.dat” of (value “Engine” of key “HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ScanEngine\Path” of native registry as folder)) else (modification time of file “ppfile.dat” of (value “Engine” of key “HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ScanEngine\Path” of native registry as folder))

Thanks

John