8 Replies Latest reply on Apr 24, 2013 9:43 AM by Raj NameToUpdate

    Remediation for Antivirus Compliance check in BSA

      I have created one compliance rule for checking Symantec Endpoint Antivirus and it is working fine, as below.


      "Windows Application:??TARGET.ANTIVIRUS??".Name != "null"  AND

      ??TARGET.ANTIVIRUS?? matches ".*Endpoint.*"  AND


         ??TARGET.OS_VERSION?? contains "2003"  AND

         ??TARGET.OS_PLATFORM?? = "X86"



         "Windows Application:??TARGET.ANTIVIRUS??"."Version (Windows)" is substring of "??TARGET.DISA Properties.ANTIVIRUS_VERSIONS??"



      I have a scenario like below


      Compliance Check ( Done )


      1. Antivirus must be Symantec Endpoint and installed.

      2. Version of Antivirus should be ("11.0.6100.645", "12.1.671.4971", "12.1.1101.401", "12.1.2015.2015").


      Remediation Part


      1. If the Antivirus version is not found, then install it.

      2. If Antivirus is not found with the desired versions, then it should be upgraded to the latest, 11.0.6100.645 in case of 11* and 12.1.2015.2015 in case of 12*, if a lower version is found.



      I am stuck at the remediation part: how to create that package with the mentioned rules...


      Please let me know if my query / information is not clear; not sure if somebody thinks it is a basic question.


      Kindly suggest.



        • 1. Re: Remediation for Antivirus Compliance check in BSA
          Niranjay Bharati

          Hi Raj,


          You need to create blpackage with


          1) Silent installation of AV, if AV is not found

          2) If the AV version is lower than what is desired w.r.t. their base versions, then upgrade AV with the help of the silent installer.


          In doing so, you have to make sure that the compliance condition also becomes a part of remediation package.




          • 2. Re: Remediation for Antivirus Compliance check in BSA



            I know the logic which you mentioned, but the problem is that I am not able to create that script.

            • 3. Re: Remediation for Antivirus Compliance check in BSA
              Joe Piotrowski

              I would not use the ??TARGET.ANTIVIRUS?? property. This is confusing, but we set that Property with a default value of "McAfee VirusScan Enterprise" but that doesn't mean that particular antivirus software (if any) is actually installed. It's just a dummy default value.


              If you want to create a Compliance rule to check for a specific version(s) of antivirus, you want to do something like this:


              exists "Windows Application:**" where
                 (  Name contains "Corporate Edition"  AND
                    (  "Version (Windows)" starts with "9."  OR
                       "Version (Windows)" starts with "10."
                    )
                 )  OR
                 (  Name contains "Endpoint Protection"  AND
                    (  "Version (Windows)" starts with "11."  OR
                       "Version (Windows)" starts with "12."
                    )
                 )


              • 4. Re: Remediation for Antivirus Compliance check in BSA
                Joe Piotrowski

                As far as remediation, remediation packages tied to Compliance rules must be BLPackages. So if you want your remediation to be an install of an antivirus program, you will have to create a BLPackage with that binary inside, and an External Command with an unattended installation string.

                • 5. Re: Remediation for Antivirus Compliance check in BSA

                  You also have the option of creating the software installation package in BSA as usual, and then adding that to a BLPackage (so you can use it as a remediation).

                  • 6. Re: Remediation for Antivirus Compliance check in BSA

                    Thanks for all replies... I created the rule again as per Joe, and compliance is working fine. But I am stuck again here on the remediation rule part.


                    For instance, if the server is found with less than 11.0.6100.645 then upgrade it to *645, and if the server is found with less than 12.1.2015.2015 then upgrade it to *2015.


                    Or else, if it is not found, then do a fresh installation.



                    I am not able to create this remediation rule for Windows systems in an external command; it gives some syntax error.


                    Which scripting language does the external command take in BL?

                    • 7. Re: Remediation for Antivirus Compliance check in BSA
                      Joe Piotrowski

                      First, Adam's suggestion to use a Software Package (later wrapped in a BLPackage) is a good one. So your first step is to create installation packages for the different antivirus programs you want to install. There are multiple Windows installers so you have to find the correct install and uninstall strings for an unattended (or silent) installation. Test your software packages and make sure they install/uninstall correctly.


                      Then wrap those software packages into individual BLPackages.


                      Then create different compliance rules to check for the conditions to install these BLPackages. You can only refer to one BLPackage per Rule, so you have to add separate Rules for each package version you're looking for. Once you get the Rules correct, you can tie them to the BLPackages you created as a Remediation option.


                      The version numbers in this example make it a little harder. I don't believe you can treat a version number like 11.0.6100.645 as a number, I think you have to treat it as a string. So greater than/less than might not work. You might have to use starts with/ends with/contains etc.


                      The external command isn't tied to any scripting language. The external command is simply run and the operating system will either understand it or it won't. For example, if you didn't want to use a software package, you could do it with a BLPackage. Your first line would contain the executable and location (for example):



                      And you would add an external command to install it (for example):

                      C:\temp\stage\installer.exe /q /norestart


                      But if you use the software package method, you don't need to worry about doing it like that.

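
The remediation decision from the question, combined with the point in reply 7 about version numbers being strings, as an added example that is not from the thread and is not BSA's own code. It assumes PowerShell is available on the target and that the installed version string has already been read from inventory; `Get-AvRemediation`, the "review" outcomes and the sample values are hypothetical.

```powershell
# Added example: names are hypothetical; the approved versions come from the thread.
$Approved = @('11.0.6100.645', '12.1.671.4971', '12.1.1101.401', '12.1.2015.2015')

# Upgrade target per major version, as described in the question.
$LatestByMajor = @{
    11 = [version]'11.0.6100.645'
    12 = [version]'12.1.2015.2015'
}

function Get-AvRemediation {
    param([string]$InstalledVersion)   # empty string means the product was not found

    if ([string]::IsNullOrEmpty($InstalledVersion)) { return 'install' }
    if ($Approved -contains $InstalledVersion)      { return 'compliant' }

    # Cast to [version] so each dotted field is compared as an integer.
    try   { $v = [version]$InstalledVersion }
    catch { return 'review: unparsable version' }

    $target = $LatestByMajor[$v.Major]
    if ($null -eq $target) { return 'review: unexpected major version' }
    if ($v -lt $target)    { return "upgrade to $target" }
    return 'review: newer than the approved latest'
}

# Constructed sample inventory values (not taken from any real host).
$samples = '', '11.0.5002.333', '11.0.6100.645', '12.1.1000.157',
           '12.1.671.4971', '10.1.9000.9', 'unknown'

foreach ($s in $samples) {
    '{0,-16} -> {1}' -f $s, (Get-AvRemediation $s)
}

# Why a plain string comparison is not enough: as text, '6100' sorts before
# '999' because '6' precedes '9'; [version] compares 6100 and 999 as integers.
'as string: {0}; as version: {1}' -f `
    ('11.0.6100.645' -lt '11.0.999.1'),
    ([version]'11.0.6100.645' -lt [version]'11.0.999.1')
```

Each "upgrade" or "install" outcome corresponds to one BLPackage, which matches the one-package-per-rule constraint described in reply 7.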