Friday, March 8, 2013

Updating the AV Dashboard in vCM

Out of the box, vCM has the ability to detect if a managed system is running anti-virus software.  The "Windows Anti-Virus Analysis Dashboard" looks for services installed from a list of products from CA, McAfee, Symantec and Trend Micro.

I recently got involved with a customer who was frustrated that his versions of Trend Micro (10.5 and 10.6) weren't being detected.

As it turns out, this dashboard is based on a view in the VCM SQL database - 


Looking at the view, there is a set of SELECT statements, for example:

  'Trend' AS vendor,
  'Trend Micro OfficeScan' AS service_product_name,
  'OfficeScanNT RealTime Scan' AS service_display_name,
  'ntrtscan' AS service_internal_name,
  'ecm_fn_rpt_antivirus_trend_scanengine_s' AS scanengine_fn,
  'ecm_fn_rpt_antivirus_trend_pattern_s' AS pattern_fn

The "service_display_name" and the "service_internal_name" should match the Windows service information (check services.msc).  In the case of my customer, the service_display_name for HIS version of Trend Micro OfficeScan was slightly different, "OfficeScan NT RealTime Scan", and making this modification to the view fixed his problem.
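The comparison against services.msc can be scripted so that a name mismatch shows up before the dashboard silently misses a product. The PowerShell below is an added example, not part of the original post or of vCM; the function name Compare-AvViewRow and the sample service inventory are constructed for illustration, and the expected row uses the values quoted above.

```powershell
# Row as the view defines it (values quoted from the post).
$viewRows = @(
    [pscustomobject]@{
        Vendor       = 'Trend'
        InternalName = 'ntrtscan'
        DisplayName  = 'OfficeScanNT RealTime Scan'
    }
)

# Constructed sample of what a managed machine reports. On a real system use:
#   $services = Get-CimInstance -ClassName Win32_Service |
#       Select-Object Name, DisplayName, State
$services = @(
    [pscustomobject]@{ Name = 'ntrtscan'; DisplayName = 'OfficeScan NT RealTime Scan'; State = 'Running' }
    [pscustomobject]@{ Name = 'Spooler';  DisplayName = 'Print Spooler';               State = 'Running' }
)

# Hypothetical helper: classifies each view row against the service inventory.
function Compare-AvViewRow {
    param(
        [Parameter(Mandatory)] [object[]] $ViewRows,
        [Parameter(Mandatory)] [object[]] $Services
    )
    foreach ($row in $ViewRows) {
        # Service names are matched case-insensitively; display names are
        # compared exactly (-ceq) so any spacing or case difference is reported.
        $byName    = $Services | Where-Object { $_.Name -eq $row.InternalName } | Select-Object -First 1
        $byDisplay = $Services | Where-Object { $_.DisplayName -ceq $row.DisplayName } | Select-Object -First 1

        $status = if ($byName -and $byName.DisplayName -ceq $row.DisplayName) { 'Match' }
            elseif ($byName)    { 'DisplayNameMismatch' }
            elseif ($byDisplay) { 'InternalNameMismatch' }
            else                { 'NotInstalled' }

        [pscustomobject]@{
            Vendor          = $row.Vendor
            InternalName    = $row.InternalName
            ExpectedDisplay = $row.DisplayName
            ActualDisplay   = if ($byName) { $byName.DisplayName } else { $null }
            Status          = $status
        }
    }
}

Compare-AvViewRow -ViewRows $viewRows -Services $services | Format-List
```

With the constructed inventory, the row is reported as DisplayNameMismatch, which is the situation described for the customer's OfficeScan install.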

You can also use this view to add AV solutions.  Be sure to make a backup of the view script before you modify it so you can revert.

This is not supported, use at your own risk, I'm not responsible if you hose your vCM DB, etc. :)

(Thanks to my VMware EM peers for the help with this.)

Monday, March 4, 2013

VCM Server Registration for vC Ops vApp 5.6

You may notice that the vC Ops Admin UI (aka the VAMI) includes a registration option for VCM in 5.6.  This enables some really great integration between vC Ops and VCM, chiefly the compliance badge (part of the Risk badge family) and exposure of VCM machine groups for custom grouping.

For whatever reason, getting this set up is slightly challenging, and to save time and frustration I thought I'd provide a couple of helpful tips.

 - Always use Windows Auth
 - Never specify the domain as part of the user credentials
 - Never specify the FQDN of the Windows domain
 - For a split install (2 or 3 tier) be sure to point at the VCM database server

As in the screen cap below....