We are trying to have KACE show if users have up-to-date virus pattern files for TrendMicro.

We've identified what file we need to grab, but a small annoyance is it's actually 2 files with the same name, but different extensions, e.g. icrc$oth.665 and icrc$oth.667 (one is the previous pattern file so it can roll back to it if need be).

I've tried using the below syntax with and without quotes around the file path. I've tried other things like simply just grabbing notepad to see if it exists, and nothing wants to populate the custom inventory field. Any help is appreciated.

FileInfoReturn("C:\Program Files (x86)\Trend Micro\OfficeScan Client\icrc$oth.*", modification_time, DATE)

Community Chosen Answer

1
We're not using TrendMicro, but it looks like these settings can be found within the registry, and it's easier to get a value from a registry key. If I'm right there should be a REG_DWORD value named PatternVer and maybe also PatternDate and PatternTooOldDays.


Custom Inventory Rule then looks like

RegistryValueReturn(HKEY_LOCAL_MACHINE\PATH, KEY, TEXT)
Answered 05/18/2015 by: aragorn.2003
Red Belt

  • Thanks for the information.

    It doesn't seem to want to return any information in the CIR field.

    You were correct about a PatternVer existing, but the data in it doesn't differ from older versions of Trend vs new, so I decided to go with PatternDate to see when it was last updated.

    I use the below syntax but it still isn't returning anything. Am I missing something obvious?

    RegistryValueReturn(HKEY_LOCAL_MACHINE\Software\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc, PatternDate, REG_SZ)
    • Try swapping REG_SZ for TEXT.
      • I've switched out the REG_SZ to TEXT but it's still not returning anything.

        Could it be some type of permissions thing? I've just come back from holiday so I'm about to jump in and give it some more testing.

Answers

0
Hi Quytree. Some questions/ideas.

  • Did you see the registry value?
  • Try to enable debug logging in amp.conf by adding this line "debug=detail" and restart the KACE agent.
    Then check the KAgent.log under C:\ProgramData\Dell\KACE\user. If this includes error=183 please read the following: https://support.software.dell.com/kb/115133
  • Have you set up the right supported operating system in Software Detail view?
Answered 06/09/2015 by: aragorn.2003
Red Belt

  • I've been able to get the registry value return to work on HKeyCurrentUser; nothing returns when using the HKeyLocalMachine paths though.

    I've enabled debugging and do get the error 183 and have tried that fix in the link provided, but it still doesn't work and still gives an error 183, which you can see below.

    Custom Inventory Rule failed on registry operation: logop=6, key='HKLM64\Software\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc\': error=183

    It's definitely targeting the right OS as I have gotten this command to work.

    EDIT: I've also tried all of this on a couple of 32-bit Windows machines, and still nothing.
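A local check for the "did you see the registry value?" step in the answer above, as an added example that is not part of the thread or of KACE: it reads PatternDate at the key posted in the thread through both the 32-bit and the 64-bit registry view, so you can see which view holds the value and what type it is stored as. The function name Get-RegistryValueInView is made up for this example.

```powershell
# Added example, not from the thread: read one HKLM value through both the
# 32-bit and the 64-bit registry view and report what each view returns.
# Key path and value name are the ones posted in the thread.
$SubKey    = 'SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc'
$ValueName = 'PatternDate'

function Get-RegistryValueInView {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][Microsoft.Win32.RegistryView]$View,
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Name
    )
    $result = [ordered]@{
        View = $View; KeyFound = $false; ValueFound = $false
        Kind = $null; Data = $null; Error = $null
    }
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($Path)      # read-only; $null if the key is absent
        if ($null -ne $key) {
            $result.KeyFound = $true
            if ($key.GetValueNames() -contains $Name) {
                $result.ValueFound = $true
                $result.Kind = $key.GetValueKind($Name)   # String, DWord, ...
                $result.Data = $key.GetValue($Name)
            }
            $key.Dispose()
        }
    }
    catch [System.Security.SecurityException] {
        # The current account is not allowed to read this key.
        $result.Error = 'Access denied'
    }
    finally {
        $base.Dispose()
    }
    [pscustomobject]$result
}

"Process is 64-bit: $([Environment]::Is64BitProcess); OS is 64-bit: $([Environment]::Is64BitOperatingSystem)"

# On 64-bit Windows the Registry32 view resolves SOFTWARE\... to SOFTWARE\Wow6432Node\...
[Microsoft.Win32.RegistryView]::Registry32, [Microsoft.Win32.RegistryView]::Registry64 |
    ForEach-Object { Get-RegistryValueInView -View $_ -Path $SubKey -Name $ValueName } |
    Format-Table -AutoSize
```

On 32-bit Windows both rows report the same 32-bit view, because a 64-bit view request falls back to it there.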
0
I agree with Aragorn. I set up something similar for McAfee:

RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\AVEngine, AVDatVersion, TEXT) AND RegistryValueReturn(HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\AVEngine, AVDatDate, TEXT)

It returns this:


Answered 05/25/2015 by: jknox
Red Belt

  • I've switched out the REG_SZ to TEXT but it's still not returning anything.

    Could it be some type of permissions thing? I've just come back from holiday so I'm about to jump in and give it some more testing.