DCIs System.AntiVirus broken

Started by Dani@M3T, April 03, 2014, 10:10:25 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Dani@M3T

April 03, 2014, 10:10:25 AM
Are the Windows Agent DCIs System.AntiVirus* still broken. If yes, is it possible to fix for next release?

thanks
Dani

Victor Kirhenshtein

#1
April 09, 2014, 10:51:52 AM
Hi!

It seems to be working on my system:

Code Select

C:\Source\NetXMS\x64\debug>nxget -e0 127.0.0.1 system.AntiVirusProduct.Active
1

C:\Source\NetXMS\x64\debug>nxget -e0 127.0.0.1 system.AntiVirusProduct.DisplayName
Microsoft Security Essentials

C:\Source\NetXMS\x64\debug>nxget -e0 127.0.0.1 system.AntiVirusProduct.UpToDate
1

C:\Source\NetXMS\x64\debug>


I've added additional debug to the agent to determine why it fails. I can provide you with intermediate agent build if you wish to test it.

Best regards,
Victor

Dani@M3T

#2
April 09, 2014, 01:29:09 PM
I use it for Win2012R2 nodes. When I re-enable my Test-DCI, I get a SYS_DCI_ACTIVE event and in 'Last Values' the value '<< ERROR >>'.

./nxget -e2 -a sha1 -s secret -Z secret 172.16.10.141 system.AntiVirusProduct.Active
500: Internal error

If you can give me the test build for Win_x64, I can test for you.

thanks
Dani

Victor Kirhenshtein

#3
April 09, 2014, 02:13:58 PM
You can try attached subagent.

Best regards,
Victor

Dani@M3T

#4
April 09, 2014, 02:38:46 PM
thanks

I replaced the subagent on one node but the same error. For debugging I started the agent with '-D 9'. I send you the logfile by email.

Dani

Victor Kirhenshtein

#5
April 09, 2014, 03:11:24 PM
Hi!

Can you check with some WMI tool that namespace root\SecurityCenter2 is available and that user agent is running under can access it?

Best regards,
Victor

Dani@M3T

#6
April 09, 2014, 06:35:54 PM Last Edit: April 09, 2014, 06:45:18 PM by Dani@M3T
I'm not a WMI specialist but I tested on command line:
wmic /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName,productState /Format:List

and got a 'name space not found' message.
From a search in the internet: The name space root/SecurityCenter2 is not available on Windows Server (there is no SecurityCenter service)! I installed the NetXMS agent on a Win7 machine and there I got an answer with the DCI.
For System.AntiVirusProduct.Active, result '1' is ok?

Victor Kirhenshtein

#7
April 09, 2014, 07:10:22 PM
I don't work much with Windows lately, so I miss this fact. Yes, 1 is ok and 0 is not ok (not running or not up to date). I'll check if it is possible to get antivirus and firewall state via WMI on Windows Server.

Best regards,
Victor

dersonik

#8
April 18, 2016, 06:25:45 PM
The antivirus check still not working in the newest version can you fix this :)

Tursiops

#9
April 19, 2016, 02:28:10 AM
Windows Server does not have Security Center, hence you can't query this information on servers.
Print
Go Up Pages1
User actions