(imported topic written by kaushalw91)
Hi,
I have Symantec Endpoint installed on some systems; this is an upgrade to Symantec AntiVirus Corporate Edition. BigFix displays the version of the antivirus in the console properly. But it is not accurately detecting the service state for Symantec Endpoint, whether it is stopped or running. I created custom analyses for Symantec Endpoint:
    if (exists service "Symantec Endpoint Protection") then (state of service "Symantec Endpoint Protection")
    else (if (exists service "norton antivirus client") then (state of service "norton antivirus client")
    else (if (exists service "symantec antivirus server") then (state of service "symantec antivirus server")
    else (if (exists service "symantec antivirus client") then (state of service "symantec antivirus client")
    else (if (exists service "symantec antivirus") then
        (if (state of service "Symantec AntiVirus" = "Running" AND exists running application "rtvscan.exe" whose (version of it >= "11" as version)) then
            (if ((exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan" whose (value "OnOff" of it = 0) of registry)
                OR (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail\RealTimeScan" whose (value "OnOff" of it = 0) of registry))
             then "Stopped" else "Running")
         else state of service "Symantec Antivirus")
    else (if (exists service "navapsvc") then (state of service "navapsvc") else "")))))
There are systems running with the Symantec Endpoint Protection service, and it shows "stopped" in the console. I hope everything is fine with the above-mentioned relevance.
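An added diagnostic, not part of the original post: run in an elevated PowerShell session on an endpoint that reports "stopped", it lists the inputs each branch of the relevance above reads, so you can see which branch produced the value. The service names, process name and registry paths are copied from the post; matching on both the short service name and the display name is an assumption made here so that a mismatch between the two is visible.

```powershell
# Added example: report what each branch of the posted relevance would read.
# Service names, process name and registry paths are taken from the post.
$serviceNames = @(
    'Symantec Endpoint Protection',
    'norton antivirus client',
    'symantec antivirus server',
    'symantec antivirus client',
    'symantec antivirus',
    'navapsvc'
)

# Assumption: compare against both Name and DisplayName (-eq is case-insensitive),
# listed in the same order the relevance tests them.
$allServices = Get-Service
foreach ($name in $serviceNames) {
    $hits = @($allServices | Where-Object { $_.Name -eq $name -or $_.DisplayName -eq $name })
    if ($hits.Count -eq 0) {
        '{0,-30} not found' -f $name
    }
    foreach ($svc in $hits) {
        '{0,-30} Name={1} DisplayName={2} Status={3}' -f $name, $svc.Name, $svc.DisplayName, $svc.Status
    }
}

# The "symantec antivirus" branch also requires rtvscan.exe with version >= 11.
$procs = @(Get-Process -Name 'rtvscan' -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) {
    'rtvscan.exe not running'
}
foreach ($p in $procs) {
    'rtvscan.exe running, file version {0}' -f $p.FileVersion
}

# That branch returns "Stopped" when either OnOff value below is 0,
# even if the service itself is running.
$keys = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan',
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail\RealTimeScan'
)
foreach ($key in $keys) {
    $prop = Get-ItemProperty -Path $key -Name 'OnOff' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { '{0}: OnOff not present' -f $key }
    else { '{0}: OnOff = {1}' -f $key, $prop.OnOff }
}
```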