An answer to a question, and a bit more

Question: If I were doing a check upon logon to see if McAfee and ePO are
installed and running, would this be a good thing to check?

Answer:

What to Check for:

ePO

Check if key exists and return the values:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent\Installed Path

Returned Value example:
C:\Program Files\Network Associates\Common Framework

Check if file(s) exist:
FrameworkService.exe

Check if service exists:

McAfeeFramework

Check if Process is running:

FrameworkService.exe

VirusScan

Check if key exists and return the values:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Enterprise\CurrentVersion\szInstallDir

Returned Value example:
C:\Program Files\Network Associates\VirusScan\

Check if file(s) exist:

Mcshield.exe
scan32.exe

Check if service exists:

McShield
McTaskManager

Check if Process is running:

McShield.exe


WMIC examples of how to check for this (you could create a VBScript or SMS Installer script to do the checks):

Let’s cut to the chase and see if the processes are running:

Click Start, then Run and Type cmd.exe

Then Type:

wmic process where (Name='FrameWorkService.exe') get name,processid
wmic process where (Name='McShield.exe') get name,processid

But maybe we want to check more than one machine:

Click Start, then Run and Type cmd.exe

Type cd \ and hit enter

Type Notepad.exe

Paste a line by line list of computers

For example:

Redrider1
redriderDC2
redridersms5
smsjackleg
smellyserver3

Then press Alt+F (the File menu)
Then press A (Save As)
Save the document to the SystemDrive as computers.txt (usually C:\computers.txt)
Exit Notepad.exe

Now type in your cmd.exe window (if you put these lines in a batch file instead, double the percent signs: %%i):

for /F %i in (computers.txt) do wmic /node:%i process where (Name='FrameWorkService.exe') get name,processid
for /F %i in (computers.txt) do wmic /node:%i process where (Name='McShield.exe') get name,processid

How cool, but you say that you don't want to just see it, you want to document it.
OK, let's put all this in a document:

for /F %i in (computers.txt) do wmic /node:%i process where (Name='FrameWorkService.exe') get name,processid /FORMAT:CSV >> Results.csv

Now open c:\Results.csv with Excel.

That's pretty cool too, because we now have a document we can open with Excel. We love Excel. Unfortunately, our boss wants a pretty document. So let's give her/him one.

for /F %i in (computers.txt) do wmic /node:%i process where (Name='FrameWorkService.exe') get name,processid /FORMAT:htable >> Results.htm

Now open c:\Results.htm with Internet Explorer.

It seems like the longer the command line the better the Results(.htm)  ;)
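A report built this way lists only the machines where the process was found, so the hosts that matter most to a defender (agent stopped, product missing, machine unreachable) are the ones that do not appear. The following is an added example, not part of the original post: it compares computers.txt with Results.csv and returns the hosts that have no row for the process. It assumes the usual WMIC CSV layout (a Node,Name,ProcessId header repeated for each host, one data row per matching process), that a host where the query failed or matched nothing leaves no data row, and that the Node column carries the same short computer name used in computers.txt; the sample Results.csv content is constructed.

```python
import csv

# Host list from the post, plus a constructed Results.csv as the appending
# loop would leave it: blank lines and a repeated header for every host.
COMPUTERS_TXT = """Redrider1
redriderDC2
redridersms5
smsjackleg
smellyserver3
"""

RESULTS_CSV = (
    "\r\nNode,Name,ProcessId\r\nREDRIDER1,FrameworkService.exe,1432\r\n"
    "\r\nNode,Name,ProcessId\r\nREDRIDERDC2,FrameworkService.exe,988\r\n"
    "\r\nNode,Name,ProcessId\r\nSMSJACKLEG,FrameworkService.exe,2040\r\n"
)


def hosts_reporting(results_text, process_name):
    """Return {HOST: [pid, ...]} for rows that name process_name."""
    found = {}
    # splitlines() copes with the \r\n (or \r\r\n) endings of redirected output.
    for row in csv.reader(results_text.splitlines()):
        row = [cell.strip() for cell in row]
        if len(row) < 3 or row[0].lower() == "node":
            continue  # blank line, repeated header, or stray text
        node, name, pid = row[0], row[1], row[2]
        if name.lower() == process_name.lower() and pid.isdigit():
            found.setdefault(node.upper(), []).append(int(pid))
    return found


def coverage_gaps(computers_text, results_text, process_name):
    """Return the hosts from the list that have no row for process_name."""
    expected = [h.strip() for h in computers_text.splitlines() if h.strip()]
    seen = hosts_reporting(results_text, process_name)
    # Host names are compared case-insensitively, as Windows does.
    return [h for h in expected if h.upper() not in seen]


if __name__ == "__main__":
    for host in coverage_gaps(COMPUTERS_TXT, RESULTS_CSV, "FrameworkService.exe"):
        print(f"{host}: no FrameworkService.exe row "
              "(agent stopped, not installed, or host unreachable)")
```

To use it on real output, read C:\computers.txt and C:\Results.csv into strings and pass them in; if the file does not decode cleanly as text, try opening it with encoding="utf-16".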

 

Published Friday, September 01, 2006 4:38 PM by Anonymous

Comments

# re: An answer to a question, and a bit more

Good stuff! I love seeing people using the FOR command. It is so handy when you just want to crank out something quickly... Also, I didn't know that WMIC had an HTML output option. That's pretty slick...

Matt

Friday, September 01, 2006 8:41 PM by Anonymous

# He shells on the sea shore, or floor, or couch. Ouch Neck, hurts now.

Ah, the wonderful world of shells. It's been over a year since I posted about trying out linux. Im

Thursday, October 26, 2006 11:34 PM by JD @ myITforum.com