Hello everyone.

I simply would like to run a WMI scan to see if the computer has AntiVirus or
not. My dream is to make ONE WMI scan work because I have been trying for
days.

In the logs, the WMI scan is triggered:

*Pre Registration Scan - Current Scan Engine is : WMI_SCAN_ENGINE
(pf::api::trigger_scan)*

Here is the configuration:
*scan.conf*

[WMI_SCAN_ENGINE]
wmi_rules=customAV
duration=20s
categories=
registration=1
username=administrator
domain=domain.dom
post_registration=0
password=xxxxxxx
pre_registration=1
type=wmi

*wmi.conf*

[customAV]
request=select * from AntiVirusProduct
namespace=ROOT\SecurityCenter2
action= <<EOT
[AntivirusPresent]
attribute=displayName
operator=match
value=*
[1:!AntivirusPresent]
action=trigger_violation
action_param = mac = $mac, tid = 100002, type = INTERNAL
EOT
on_tab=1

*security_events.conf*

[100002]
trigger=detect::100002
actions=reevaluate_access,email_admin
recipient_template_email=security_event-triggered
desc=av
access_duration=12h
window=dynamic
enabled=Y
priority=2
auto_enable=N
(I know that the trigger_id must only be the same as the tid and not be
the same as the security event id)

If I make a mistake in the request or in the scan config, I get errors in the
logs mentioning the WMI request, but nothing with the "correct"
configuration, and of course the security event is not triggered, and it is
not on the node tab either.

Any help would be welcome :D
Kind regards

Leroy Joachim.