
Viruses & spyware still pose a significant risk to businesses. Even with the widespread use and availability of UTM devices such as Fortinet Fortigate, Watchguard Firebox and other free open source solutions, and email scanning at the SMTP gateway, the desktop/endpoint still needs its own protection. In this post I’ll show you how to create a custom Kaseya view that will filter and show you all machines missing a particular antivirus application for a machine group.
KES 2.x is the business
I’m a massive fan of Kaseya KES having been recently converted with the free 25 license offer I cashed in on 3-4 months ago. Before that I’d tried KES V1.0 and it was complete rubbish. Thankfully KES V2.0 is far better (I believe KES 2.1 has just been released too) and is my first preference for Antivirus/Endpoint protection.
For more info on Kaseya Endpoint Security click here
KES is not always an option
Unfortunately pimping KES to everyone is not always an option, so quite often we get stuck managing the legacy AV solution. The most common solution we come across is Symantec Antivirus, or Symantec Endpoint Protection as the new versions are called. I deal with this probably 95% of the time, so this post is based around showing machines missing Symantec AV/SEP – note that the same logic/process can be employed to create views relating to other antivirus products.
Step 1 – Determine the core AV Executable name
So step 1 in the process is to determine the core antivirus executable. To do this, open up the services MMC snap-in or open up Computer Management and find the service for the antivirus software.
Once you find the service, open the properties and the pop-up will tell you the executable name. In the case of SymAV/SEP, the executable is called RTVSCAN.EXE.
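The same Step 1 lookup can be done from PowerShell, which helps when you need to check several machines. This is an added example, not part of the original post; the function names, the `*Symantec*` display-name filter and the sample paths are assumptions.

```powershell
# Added example: resolve the executable name behind an antivirus service (Step 1).

function Get-ServiceExecutableName {
    param([Parameter(Mandatory)][string]$PathName)

    # A service path is either quoted ("C:\Program Files\x\y.exe" /arg)
    # or unquoted, possibly containing spaces and trailing arguments.
    if ($PathName -match '^\s*"([^"]+)"') {
        $exePath = $Matches[1]
    }
    elseif ($PathName -match '^\s*(.+?\.exe)(\s|$)') {
        $exePath = $Matches[1]
    }
    else {
        # No .exe found: fall back to the first whitespace-separated token.
        $exePath = ($PathName.Trim() -split '\s+')[0]
    }

    # Return only the file name, upper-cased like the name typed into the view.
    return [System.IO.Path]::GetFileName($exePath).ToUpperInvariant()
}

function Find-AvServiceExecutable {
    # Assumption: the AV service display name contains the vendor name.
    param([string]$NamePattern = '*Symantec*')

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.DisplayName -like $NamePattern -and $_.PathName } |
        Select-Object Name, DisplayName, State,
            @{ Name = 'Executable'; Expression = { Get-ServiceExecutableName $_.PathName } }
}

# Constructed sample PathName values covering the quoted, unquoted and
# unquoted-with-arguments forms (not taken from a real machine).
$samples = @(
    '"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"',
    'C:\Program Files\Symantec AntiVirus\Rtvscan.exe',
    'C:\Windows\system32\svchost.exe -k netsvcs'
)
$samples | ForEach-Object { '{0} -> {1}' -f $_, (Get-ServiceExecutableName $_) }

# Query the local machine for matching services.
Find-AvServiceExecutable | Format-Table -AutoSize
```

The `Executable` column gives the name to type into the Contains/Missing Application box in Step 2.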
Step 2 – Create the custom view
Once you know the executable name the next step is easy.
Open up Kaseya, reset the filter back to <No view> and click Edit
Go about halfway down on the pop-up window and you’ll see a section there for Contains/Missing Application
In the text box, type RTVSCAN.EXE and click the radio button for “Missing”

Then give your new view a name and hit Save. I’ve called mine “Machines missing SAV”.
Then hit the Share button and share with all/make public and you’re done.
Step 3 – Use it & Create regular reports
Now that you have the View you need to use it! You can now easily identify machines for a client missing the antivirus software that is supposed to be installed.
In my next post, I’ll show you how to create a regular scheduled report using your new Filter and how to set up monitoring to ensure antivirus is installed on all workstations for a specific machine group!
Written by Tullibo
Topics: Kaseya