locked
IAG RRS feed

  • Question

  •  

    Am trying to include in our IAg policies for endpoint detection items like user has BitDefender AV (not one of the out the box producst IAG lists). How do I go about that?

     

    Cheers

    Thursday, March 27, 2008 11:16 AM

All replies

  • I think what you should do it create a custom policy to check the registry settings for your BitDefender AV, that will allow you to confirm it is installed, I am not sure how the version of the pattern file would be checked however.

     

    RE,

     

    Dave.

     

    Thursday, March 27, 2008 1:52 PM
  • Hi,

        As the thread before said you need to create a Vbscript to read the relevant registry / process information of this AV, I would suggest looking at whaledetect.vbs to see how they detect the other AV's.

     

    Hope it helps.

     

     

     

    Monday, March 31, 2008 6:43 PM
  • Can anyone post a generic example of the script needed for this and explain how you go about adding it to a policy (as it's also the subject of my "IAG: Session Endpoint Access Policy" post).

     

    I haven't been able to find any detail on this in the documentation so far.

     

    Thanks

     

    Pete

     

    PS Should this be in Forefront Security General rather than an FCS forum?

    Friday, April 11, 2008 10:22 AM