Friday, March 8, 2013

Updating the AV Dashboard in vCM

Out of the box, vCM has the ability to detect if a managed system is running anti-virus software.  The "Windows Anti-Virus Analysis Dashboard" looks for services installed from a list of products from CA, McAfee, Symantec and Trend Micro.

I recently got involved with a customer who was frustrated that his versions of Trend Micro (10.5 and 10.6) wasn't being detected.

As it turns out, this dashboard is based on a view in the VCM SQL database - 


Looking at the view, there are a set of select statements, for example:

  'Trend' AS vendor,
  'Trend Micro OfficeScan' AS service_product_name,
  'OfficeScanNT RealTime Scan' AS service_display_name,
  'ntrtscan' AS service_internal_name,
  'ecm_fn_rpt_antivirus_trend_scanengine_s' AS scanengine_fn,
  'ecm_fn_rpt_antivirus_trend_pattern_s' AS pattern_fn

The "service_display_name" and the "service_internal_name" should match the Windows service information (check services.msc).  In the case of my customer, the service_display_name for HIS version of Trend Micro OfficeScan was slightly different, "OfficeScan NT RealTime Scan" and making this modification to the view fixed his problem.

You can also use this view to add AV solutions.  Be sure to make a backup of the view script before you modify so you can revert back.

This is not supported, use at your own risk, I'm not responsible if you hose your vCM DB, etc. :)

(Thanks to my VMware EM peers for the help with this.)

No comments:

Post a Comment