AV monitoring script

Hi Guys

I use this script https://scripts.comodo.com/frontend/web/topic/detecting-third-party-antiviruss-status to monitor AV on client PCs. It works well, but now with Windows 10 having Defender/Security Essentials enabled by default I am running into issues.

When I deploy a 3rd party antivirus I am getting alerts as below:

Data: Custom Script Monitor : Standard Output: Windows Defender is disabled and Up-to-date
ESET Endpoint Antivirus is Enabled and Up-to-date

What's the best way to overcome this? Can this be edited to not monitor Defender/Security Essentials, or can the alerts be changed so that it alerts if all of the installed AVs are disabled or not up to date?

Thanks

Dave

@dbettens ,

We have forwarded your output to our Script Developers for review. We’ll make sure to inform you of their feedback.

Hi @Jimmy

Actually I have been thinking about this…

I have sites that have different antivirus solutions, some ESET, some Sophos, etc.

What I ideally need is a script (or multiple scripts, one for each AV solution) that would check to make sure that the installed AV at the site is enabled and up to date, and then alert if another 3rd party AV is installed, excluding Defender/Security Essentials as this is now included in Windows 10.

I will then create a separate monitor for each site depending on what AV they use.

This should then alert me if the site-wide AV is disabled / not up to date or if there is another 3rd party AV installed.

Hope that makes sense.

regards,

Dave
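The per-site check requested above, sketched as an added example (not part of the thread, and not Comodo's script or the attached JSON). It assumes status lines in the format quoted in the first post; `parse_status`, `evaluate` and the `site_av` parameter are hypothetical names, and any definitions status other than "Up-to-date" is treated as outdated.

```python
import re

# Built-in Microsoft products that should not count as "another third-party AV".
BUILTIN = ("windows defender", "microsoft security essentials")

# Matches status lines in the format quoted in the thread, with or without
# the "Standard Output:" prefix the monitor puts before the first line.
LINE_RE = re.compile(
    r"^(?:.*Standard Output:\s*)?(?P<name>.+?) is (?P<state>enabled|disabled)"
    r" and (?P<defs>.+?)\s*$",
    re.IGNORECASE,
)

def parse_status(output):
    """Return {product name: (enabled, up_to_date)} for each status line."""
    products = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            products[m["name"].strip()] = (
                m["state"].lower() == "enabled",
                m["defs"].lower() == "up-to-date",  # assumption: anything else is outdated
            )
    return products

def evaluate(output, site_av):
    """Return a list of alert strings; an empty list means nothing to alert on."""
    alerts, found = [], False
    for name, (enabled, current) in parse_status(output).items():
        lname = name.lower()
        if any(b in lname for b in BUILTIN):
            continue  # Defender / Security Essentials state is ignored
        if site_av.lower() in lname:
            found = True
            if not enabled:
                alerts.append(f"{name} is disabled")
            if not current:
                alerts.append(f"{name} is not up to date")
        else:
            alerts.append(f"unexpected third-party AV installed: {name}")
    if not found:
        alerts.append(f"{site_av} not reported on this endpoint")
    return alerts

# Constructed sample built from the two lines quoted in the thread.
SAMPLE = (
    "Data: Custom Script Monitor : Standard Output: Windows Defender is disabled and Up-to-date\n"
    "ESET Endpoint Antivirus is Enabled and Up-to-date\n"
)

if __name__ == "__main__":
    print(evaluate(SAMPLE, "ESET") or "OK")
```

A missing site AV is reported as an alert too, so an endpoint where the product was uninstalled does not pass silently.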

@dbettens ,

I see where you’re coming from. Having multiple AVs to monitor would require a different kind of set-up. We have coordinated with our Script Developers on how we can achieve your goal. Please provide the vendors of the AV you have on those sites and we’ll forward it for analysis.

Hi @dbettens

I have updated the script as per your request. It will generate an alert if the third party antivirus is disabled or not up-to-date.

This procedure supports the list of antivirus mentioned below:

1. Sophos
2. AVG
3. McAfee
4. Comodo
5. Symantec
6. Kaspersky
7. Avast
8. Webroot
9. ESET
10. Bitdefender Total and Internet Security

Please refer to the JSON file below.

Note:

Please refer to the wiki guide below to use the custom monitoring script:

https://wiki.comodo.com/frontend/web/topic/how-to-use-custom-script-procedure-monitoring

Run the Script as Custom monitoring

Let me know your feedback.

Thank you

20181015-check-antivirus-status.json (7.21 KB)

Thank you @Meena, I will test and report back.

Dave