Relevance for status of startup Type

(imported topic written by dalipbhambri91)

I am looking for a relevance that gives me the status of startup type of symantec service. Service name is “norton antivirus client”.

The one i tried:

if exist service “norton antivirus client” then ((service name of it & " # " & state of it & " # " & start type of it & " # " & (version of file (substring between “%22” of (Image Path of it)))as string) of service “norton antivirus client”) else "NotInstalled # # # "

But it didn’t work.

Any suggestions would be much appreciated. Thanks in advance!

1 Like

(imported comment written by jeremylam)

The results of the inspector "image path of " can vary drastically. Only if the image path has spaces will it be enclosed by quotes (%22), otherwise it will not have quotes at all. Several of the image paths on my system have arguments after the file path, and some of the file paths have environment variables (like %SYSTEMROOT%) which you may have to account for.

You will have to get the results of a system’s

image path of service “norton antivirus client”

and customize the relevance based on its specific results.

(imported comment written by dalipbhambri91)

Thanks for the Reply Jeremy. The relevance we used to get the ‘state of the service’ is as below and it giving me the expected output :

if (exists service “norton antivirus server”) then (state of service “norton antivirus server”) else (if (exists service “norton antivirus client”) then (state of service “norton antivirus client”) else (if (exists service “symantec antivirus server”) then (state of service “symantec antivirus server”) else (if (exists service “symantec antivirus client”) then (state of service “symantec antivirus client”) else (if (exists service “symantec antivirus”) then (if (state of service “Symantec AntiVirus” = “Running” AND exists running application “rtvscan.exe” whose (version of it >= “11” as version)) then (if (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan” whose (value “OnOff” of it = 0) of registry) then “Stopped” else “Running”) else state of service “Symantec Antivirus”) else (if (exists service “navapsvc”) then (state of service “navapsvc”) else “”)))))

As now i need to monitor the ‘startup type’ of the same service, the one tried is as below, however this below i tried by editing the above mentioned relevance:

if (exists service “norton antivirus server”) then (startup type of service “norton antivirus server”) else (if (exists service “norton antivirus client”) then (startup type of service “norton antivirus client”) else (if (exists service “symantec antivirus server”) then (state of service “symantec antivirus server”) else (if (exists service “symantec antivirus client”) then (startup type of service “symantec antivirus client”) else (if (exists service “symantec antivirus”) then (if (startup type of service “Symantec AntiVirus” = “Automatic” AND exists running application “rtvscan.exe” whose (version of it >= “11” as version)) then (if (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan” whose (value “OnOff” of it = 0) of registry) then “Stopped” else “Running”) else state of service “Symantec Antivirus”) else (if (exists service “navapsvc”) then (state of service “navapsvc”) else “”)))))

If you see in the 2nd relevance i am not sure what registry value would give me the startup type of Symanctec. whether it would be OnOff or something else??? this where i am stuck…

Please help…If needed i can open a ticket for the same with Bigfix team…if it so then please suggest which should be appropriate team to open a ticket with…

(imported comment written by nberger91)

a couple of observations -

drop ‘client’ from the symantec antivirus service name, and change startup type to start type

if (exists service “symantec antivirus”) then (start type of service “symantec antivirus”) else “”

(imported comment written by dalipbhambri91)

Thanks for posting. But i am not sure where i need to set the service states as it would be in 3 states those are as follows:

1.Automatic

2.Manual

3.Disabled

BTW as per your suggestion, here is the relevance:

if (exists service “norton antivirus server”) then (start type of service “norton antivirus server”) else (if (exists service “norton antivirus”) then (star type of service “norton antivirus”) else (if (exists service “symantec antivirus server”) then (state of service “symantec antivirus server”) else (if (exists service “symantec antivirus”) then (start type of service “symantec antivirus”) else (if (exists service “symantec antivirus”) then (if (start type of service “Symantec AntiVirus” = “Automatic” AND exists running application “rtvscan.exe” whose (version of it >= “11” as version)) then (if (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan” whose (value “OnOff” of it = 0) of registry) then “Stopped” else “Running”) else state of service “Symantec Antivirus”) else (if (exists service “navapsvc”) then (state of service “navapsvc”) else “”)))))

Please suggest.

(imported comment written by dalipbhambri91)

if (exists service “norton antivirus server”) then (start type of service “norton antivirus server”) else (if (exists service “norton antivirus”) then (start type of service “norton antivirus”) else (if (exists service “symantec antivirus server”) then (state of service “symantec antivirus server”) else (if (exists service “symantec antivirus”) then (start type of service “symantec antivirus”) else (if (exists service “symantec antivirus”) then (if (start type of service “Symantec AntiVirus” = “Automatic” AND exists running application “rtvscan.exe” whose (version of it >= “11” as version)) then (if (exists key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan” whose (value “OnOff” of it = 0) of registry) then “Stopped” else “Running”) else state of service “Symantec Antivirus”) else (if (exists service “navapsvc”) then (state of service “navapsvc”) else “”)))))

This one worked for me.

Thanks Aram!

(imported comment written by dalipbhambri91)

Hi We are getting below error when we are pushing the package on client machines:

[-]

[+] Download error: “The only supported protocols are http, https, and ftp”

Download requested on server:

URL: SWDProtocol://127.0.0.1:52311/uploads/C1F4B51AA4E5294F55BA247503EE9711517BB144/MOT-DNS-Upd-v100.EXE.bfswd

SHA1: c1f4b51aa4e5294f55ba247503ee9711517bb144

Size: 0 bytes

Next retry: 7 minutes. Retry now

Need your help on urgent basis…

(imported comment written by dalipbhambri91)

Hello everybody, your quick response would be much appreciated, as we are stuck to start a critical deployment.

Thanks in advance!

(imported comment written by jeremylam)

You need to register the SWD download plugin on the BES Server. Should be a Fixlet called “BES Server: Register Download Plug-in for Software Distribution” underneath Software Distribution -> Setup in the Systems Lifecycle domain.

(imported comment written by dalipbhambri91)

Thanks for your prompt response… however this fixlet showing not applicable for Bigfix server.