- Overview
- Creating a New Definition
- Testing the Definitions
- Virus Scan Options
- Supported Scanners
- Community Supported Definitions
- Document Revision History
Overview
The Virus Scan configuration screen lists all current antivirus definitions. These definitions allow LabTech to identify the virus scanner installed on the computer and set the command line scanning and definition update procedures.
To access the current virus scan definitions, select Dashboard > Config > Configurations > Virus Scan from the Control Center.
Figure 1: Virus Scanner Definitions
Table 1: Virus Scan Field Descriptions
Field | Definition |
Name | The name of the antivirus software. |
DefLocation | Indicates the path to the definitions file. If the DefLocation is a file name, then the file date is used as the definition date. |
Date Mask/DefFilename | Regular expression to extract the date from the DefLocation's returned data. |
ProgLocation | Path and filename to the virus scanner's executable file. This file is used for command line scanning and if this file exists then the scanner is assumed to be installed. LabReg and LabIni replacements are expanded here. |
UpdateCMD | Path and filename to the virus scanner's command line update. Leave blank if no command line update. LabReg and LabIni replacements are expanded here. |
Scan Template | Command line scanning parameters, if the scanner supports it. Leave blank if no command line scanning. %p is replaced with the file to be scanned. |
AutoProtect | The process name to look for. If this process name is found running, then AutoProtect is assumed to be enabled. WMI is queried last in the AutoProtect scan. This means that if Auto Protect is turned off in your Security Center from the Windows Control Panel, it might show as disabled in the Control Center's computer management window. To override this function, add an * at the end of the AutoProtect process name. This will skip the WMI scan. The AutoProtect process can also be a list of processes to look for. Separate the processes with a colon (:); as long as one of the processes is running, it will be detected. |
OS Type | Allows you to select the OS type that the definition applies to. This allows you to have different settings for 32 bit and 64 bit operating systems. |
Version Check | If the OS matches the OS selected in the OS Type field, a version check is performed. |
Version Mask | If the Version Mask is blank, then as long as the Version Check expanded to a specific file, it will succeed. If the Version Mask is configured, then the file used to determine the version will be the result of the regular expression pattern found in the Version Check. |
Creating a New Definition
Creating a new definition is easy. For your new definition, you will need to know the location of the virus scanner's .exe and the location of the virus definition file or registry entry.
To add a new definition:
- From the Control Center, select Dashboard > Config > Configurations > Virus Scan.
Figure 2: Virus Scan Configuration
- Click the Clear button to clear any current data.
- Enter the Name of the virus scanner (e.g., Vipre)
- Enter the command line scanning parameters if the scanner supports it, in the Scan Template field. Leave blank if the scanner does not support command line scanning. %p is replaced with the file to be scanned. (e.g., /scannowquick %p). Each antivirus uses different scanning parameters if it is supported. You will need to refer to the appropriate antivirus documentation for the scanning parameters.
- Enter the AP Process to look for. If this process name is found running, then AutoProtect is assumed to be enabled. WMI is queried last in the AutoProtect scan. This means that if 'Auto Protect' is turned off in your Security Center from the Windows Control Panel, it might show as 'disabled' in the control center's computer management window. To override this function, add an * at the end of the AP Process name. This will skip the WMI scan.
NOTE: The AutoProtect Process can also be a list of processes to look for. Separate the processes with a colon (:); as long as one of the processes is running, it will be detected.
- Virus definitions are not universal and require the location of the scanner to be static. Enter the Program Location (e.g., %programfiles%\Sunbelt Software\VIPRE\sbamcommandlinescanner.exe).
- Enter the Definition Location (e.g., %programfiles%\Sunbelt Software\VIPRE\Definitions\ctid.vtd).
- Enter (.*) as the Date Mask. This is a universal value to determine the latest definition date of the file specified in the Definition Location.
NOTE: You can also use the Registry to get the date by just specifying a registry key and not a file path. The Date Mask is a regular expression used to help parse the date from the registry.
- Enter the path and filename to the virus scanner's command line update in the Update Command field. Leave blank if a command line update is not available (e.g., %programfiles%\Sunbelt Software\VIPRE\sbamcommandlinescanner.exe /updatedefs).
- Select the OS that this antivirus applies to from the OS Type drop-down (e.g., 32 bit Windows, 64 bit Windows). This allows for different data definitions for 32 bit and 64 bit operating systems.
- Version Check and Version Mask will already be populated based on internal detection processes to verify the operating system. If they are blank, the Version Check and Mask are not currently used in determining the version of the specified antivirus product.
- Click Add if adding a new definition or Save if editing an existing definition.
Testing the Definitions
- From the Control Center, select a Client > Location > Computer.
- Click on the CMD Prompt tab.
Figure 3: CMD Prompt
- Use the ECHO and DIR commands to return the result from your definitions. Refer to the following examples:
- ECHO %programfiles%\Sunbelt Software\VIPRE\sbamcommandlinescanner.exe
- DIR "%programfiles%\Sunbelt Software\VIPRE\sbamcommandlinescanner.exe"
- ECHO %programfiles%\Sunbelt Software\VIPRE\Definitions\ctid.vtd
- DIR "%programfiles%\Sunbelt Software\VIPRE\Definitions\ctid.vtd"
These should all succeed and return relevant values. The file date of the definition file is the date that is used for the definition date.
NOTE: You can also use the Registry to get the date by just specifying a registry key and not a file path. The Date Mask is a regular expression used to help parse the date from the registry.
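The ECHO and DIR checks above, together with the field rules from Table 1, can be run locally on an endpoint as one PowerShell function before the definition is added. This is an added example, not LabTech code: the function name Test-AvDefinition, its parameters and the AutoProtect process names are hypothetical, and only the file-path form of the Definition Location is handled.

```powershell
# Added example: local pre-check of one virus scan definition's fields.
# Test-AvDefinition and its parameter names are hypothetical, not LabTech's.
function Test-AvDefinition {
    param(
        [Parameter(Mandatory)][string]$ProgLocation,
        [Parameter(Mandatory)][string]$DefLocation,
        [string]$DateMask = '(.*)',
        [string]$AutoProtect = ''
    )

    # Expand %programfiles% and similar, as ECHO does in the CMD Prompt tab.
    $prog = [Environment]::ExpandEnvironmentVariables($ProgLocation)
    $def  = [Environment]::ExpandEnvironmentVariables($DefLocation)

    # DefLocation as a file: report its last-write time (the date DIR shows).
    $defDate = $null
    if (Test-Path -LiteralPath $def -PathType Leaf) {
        $defDate = (Get-Item -LiteralPath $def).LastWriteTime
    }

    # Date Mask: must compile as a regular expression; count its capture groups.
    $maskGroups = -1
    try { $maskGroups = ([regex]::new($DateMask)).GetGroupNumbers().Count - 1 } catch { }

    # AutoProtect: a trailing * skips the WMI scan; ':' separates alternatives.
    $skipWmi = $AutoProtect.EndsWith('*')
    $names = @($AutoProtect.TrimEnd('*') -split ':' |
        ForEach-Object { $_.Trim() -replace '\.exe$', '' } |
        Where-Object { $_ })
    $running = @($names | Where-Object { Get-Process -Name $_ -ErrorAction SilentlyContinue })

    [pscustomobject]@{
        ProgPath         = $prog
        Installed        = Test-Path -LiteralPath $prog -PathType Leaf
        DefPath          = $def
        DefinitionDate   = $defDate
        DateMaskValid    = ($maskGroups -ge 0)
        DateMaskGroups   = $maskGroups
        ApProcessesFound = ($running -join ', ')
        ApProcessRunning = ($running.Count -gt 0)
        WmiScanSkipped   = $skipWmi
    }
}

# Paths are the Vipre examples from this page; the AutoProtect value is constructed.
Test-AvDefinition `
    -ProgLocation '%programfiles%\Sunbelt Software\VIPRE\sbamcommandlinescanner.exe' `
    -DefLocation  '%programfiles%\Sunbelt Software\VIPRE\Definitions\ctid.vtd' `
    -AutoProtect  'ExampleAvService:ExampleAvTray*'
```

An Installed value of False or an empty DefinitionDate means the corresponding path did not resolve to a file on that endpoint.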
Virus Scan Options
Table 2: Virus Scan Options
Option | Description |
Refresh List | Click this to refresh the virus scanner list. |
Clear | Click this to clear the fields of their values to begin adding a new virus scanner definition. |
Add/Save | When the Clear button is pressed, the Add button is enabled so that a new virus scanner definition can be added. Click Add to insert the new virus scanner definition after completing all of the necessary fields. Click Save if a virus scanner definition was modified and you want to save your changes. |
Export Selected | Click this to export the selected items to a SQL file that can be imported into other systems. Use [Ctrl-click] or [Shift-click] to select multiple items. |
Delete | Select a virus scanner definition and right-click and select Delete to remove the definition from the list. |
Copy Text | Select a virus scanner definition and right-click and select Copy Text to copy the text to the clipboard to be pasted elsewhere. |
Search List | Right-click in the definition list and select Search List to search for a specific keyword. All instances of the keyword will be highlighted in the list. |
Print List | Right-click in the definition list and select Print List to print. |
Export to Excel | Right-click in the definition list and select Export to Excel to save the definition list in Excel format. You must have Excel installed to use this option. |
Supported Scanners
Several versions of each antivirus program are supported.
AVG
LabTech supports several versions of AVG out of the box.
- AVG 2011 Free & Commercial
- AVG 9.0 Free & Commercial
- AVG 8.0 Corporate
- AVG 8.0 Free & Commercial
- AVG 7.0 Corporate & Professional
- AVG 7.0 Free
Get the free copy from AVG.com. For installation instructions, please see the AVG Installation Guide.
Eset
ESET NOD32 Antivirus provides fast, light and proactive protection against viruses, trojans, worms, hackers and other cyber threats.
For installation instructions, please see the ESET Installation Guide.
Vipre
VIPRE Antivirus is high-performance antivirus software that doesn't slow down your PC like older, traditional security products.
For installation instructions, please see the Vipre Installation Guide.
Community Supported Definitions
- Avast
- Avira
- BitDefender
- Etrust
- F-Prot
- F-Secure
- Kaspersky
- McAfee
- Microsoft
- Norman
- Norton-Symantec
- OneCare
- Panda
- Sophos
- Trend
Document Revision History
Date | Notes |
July 29, 2011 | New |