Monitor virus guard definition level from SCCM 2012 compliance management (Symantec Endpoint Protection)

 

Compliance settings in SCCM are a really important feature when you customize them to meet organizational requirements. For managing compliance, SCCM 2012 has direct methods for alert subscriptions and better reporting than SCCM 2007. It also supports PowerShell scripts.

In this post I will introduce a method to monitor the compliance of installed virus guards and their definition levels.

Example

I will take Symantec Endpoint Protection as my virus guard. If my virus guard application has not received an update within seven days, the computer will be non-compliant. We can monitor this through alerts, alert subscriptions and reporting.

First of all, you have to find the location of your virus guard's definition file.

Symantec Endpoint Protection

  • C:\ProgramData\Symantec\Definitions\VirusDefs\definfo.dat

Avast virus guard

  • C:\Program Files\Alwil Software\Avast5\defs\aswdefs.ini

Then use the following script, changing the file location according to your virus guard program.

Option Explicit

' Path to the definition file; change this for your antivirus product.
Dim VirusDefCfg, FSO, LastModified, DateDifference, noSymantecPresent
VirusDefCfg = "C:\ProgramData\Symantec\Definitions\VirusDefs\definfo.dat"
noSymantecPresent = 9999   ' returned when the definition file is missing

Set FSO = CreateObject("Scripting.FileSystemObject")

' No definition file: report 9999 so the compliance rule fails.
If Not FSO.FileExists(VirusDefCfg) Then
    WScript.Echo noSymantecPresent
    WScript.Quit
End If

' Age of the definition file in days.
LastModified = FSO.GetFile(VirusDefCfg).DateLastModified
DateDifference = DateDiff("d", LastModified, Now())

WScript.Echo DateDifference

 

  • In SCCM, create a new configuration item.

Fill in the details and add the script. Make sure to select setting type Script, data type Integer and script language VBScript.

 


 

  • Go to Compliance Rules and create a new rule: rule type Value, operator Less than, value 7. This makes sure that if the script returns more than 7 days, the computer will be non-compliant.


  • Create a compliance baseline and add this configuration item to it. Then deploy that compliance baseline to your desired collection.
  • After the scheduled time is reached, you can view the compliance from:
    • Monitoring – Deployment – Compliance baseline
    • Reporting – Compliance and Settings Management – Summary compliance by configuration baseline.

This script can be used with any virus guard program; you have to find the location of its definition file and assign it to the VirusDefCfg variable.

Hope this is useful.
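Since SCCM 2012 also accepts PowerShell discovery scripts, the same check can cover several virus guards in one configuration item. This is an added example, not part of the original post: the function name Get-DefinitionAgeDays and the handling of future-dated files are assumptions of the example, and the two paths are the ones listed above.

```powershell
# Added example: PowerShell discovery script for a configuration item
# (setting type Script, data type Integer). Get-DefinitionAgeDays is a
# hypothetical helper name, not an SCCM or Symantec cmdlet.
function Get-DefinitionAgeDays {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$CandidatePath,        # definition files to look for
        [datetime]$Now = (Get-Date),     # injectable so the logic can be tested
        [int]$NotPresentValue = 9999     # same sentinel the VBScript returns
    )

    $ages = @(foreach ($path in $CandidatePath) {
        # Skip products that are not installed on this computer.
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        $lastWrite = (Get-Item -LiteralPath $path -Force).LastWriteTime

        # Count calendar-day boundaries, like VBScript DateDiff("d", ...).
        $days = ($Now.Date - $lastWrite.Date).Days

        # Assumption of this example: a file dated in the future (wrong clock,
        # altered timestamp) would give a negative age and pass a
        # "Less than 7" rule, so report it as the sentinel instead.
        if ($days -lt 0) { $NotPresentValue } else { $days }
    })

    # No definition file found at all: return the sentinel (non-compliant).
    if ($ages.Count -eq 0) { return $NotPresentValue }

    # Otherwise report the most recently updated definition file.
    return [int](($ages | Measure-Object -Minimum).Minimum)
}

# The value written to the pipeline is what the compliance rule evaluates.
Get-DefinitionAgeDays -CandidatePath @(
    'C:\ProgramData\Symantec\Definitions\VirusDefs\definfo.dat',
    'C:\Program Files\Alwil Software\Avast5\defs\aswdefs.ini'
)
```

With the rule above (Less than 7), a computer with no definition file, or with only future-dated definition files, returns 9999 and is reported as non-compliant.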