You need to create blpackage with
1) Silent installation of AV, if AV is not found
2) if the AV version is lower than what is desired w.r.t. their base versions , then upgrate AV with the help of silent installer.
In doing so, you have to make sure that the compliance condition also becomes a part of remediation package.
I know the logic which you mentioned , but problem is there i am not able to create that script
I would not use the ??TARGET.ANTIVIRUS?? property. This is confusing, but we set that Property with a default value of "McAfee VirusScan Enterprise" but that doesn't mean that particular antivirus software (if any) is actually installed. It's just a dummy default value.
If you want to create a Compliance rule to check for a specific version(s) of antivirus, you want to do something like this:
exists "Windows Application:**" where
( Name contains "Corporate Edition" AND
( "Version (Windows)" starts with "9." OR
"Version (Windows)" starts with "10."
( Name contains "Endpoint Protection" AND
( "Version (Windows)" starts with "11." OR
"Version (Windows)" starts with "12."
As far as remediation, remediation packages tied to Compliance rules must be BLPackages. So if you want your remediation to be install of an antivirus program, you will have to create a BLPackage with that binary inside, and an External Command with an unattended installation string.
You also have the option of creating the software installation package in BSA as usual, and then adding that to a BLPackage (so you can use it as a remediation).
Thanks for all replies... I created rule again as per Joe , and compliance is working fine. But stuck again here for remediation rule part.???
for instance , if server found less then 11.0.6100.645 then upgrade this to *645 and if server found less then 12.1.2015.2015 then upgrade it *2015..
Or else if does not found then do a fresh installation.
This rule of remediation i am not able to create for windows system in external command and giving some syntax error.
Which scripting language external command takes in BL?
1 of 1 people found this helpful
First, Adam's suggestion to use a Software Package (later wrapped in a BLPackage) is a good one. So your first step is to create installation packages for the different antivirus programs you want to install. There are mulitple Windows installers so you have to find the correct install and uninstall strings for an unattended (or silent) installation. Test your software packages and make sure they install/uninstall correctly.
Then wrap those software packages into individual BLPackages.
Then create different compliance rules to check for the conditions to install these BLPackages. You can only refer to one BLPackage per Rule, so you have to add separate Rules for each package version you're looking for. Once you get the Rules correct, you can tie them to the BLPackages you created as a Remediation option.
The version numbers in this example make it a little harder. I don't believe you can treat a version number like 11.0.6100.645 as a number, I think you have to treat it as a string. So greater than/less than might not work. You might have to use starts with/ends with/contains etc.
The external command isn't tied to any scripting language. The external command is simply run and the operating system will either understand it or it won't. For example, if you didn't want to use a software package, you could do it with a BLPackage. Your first line would contain the executable and location (for example):
And you would add an external command to install it (for example):
C:\temp\stage\installer.exe /q /norestart
But if you use the software package method, you don't need to worry about doing it like that.
Thanks for your help