Sophos Anti Virus

Hi Guys

I need a script that will tell me if a certain folder has not been modified in the last day. Sophos updates to the following folder:

c:\Program Files (x86)\Sophos\Sophos Anti-Virus\

Sophos will release a vdl.dat file once a month, but between those releases they update with ide files to the above directory. I need help with our monitoring program, Naverisk. I can monitor services, events, ports, files, etc., but cannot monitor a folder's modified date, so I need a script I can run to check if the above folder has not been modified in the last day and then either email a certain address or create an event that I can monitor in Naverisk.

Can anyone help ASAP, please?

September 24th, 2013 8:25am

Hi,

This overly drawn out example will check if your folder has any files newer than a day old in it:

# Assume no recent update until a recent file is seen
$updated = $false
Get-ChildItem 'C:\Program Files (x86)\Sophos\Sophos Anti-Virus' | ForEach {
    # Any file written within the last day counts as an update
    If ($_.LastWriteTime -gt (Get-Date).AddDays(-1)) {
        $updated = $true
    }
}
If ($updated) { Write-Host 'A file newer than 1 day old has been found.' }
Else { Write-Host 'New files not found' }

September 24th, 2013 9:42am

Thanks Mike for your prompt reply

I'm not a scripting guy at all, so all help is much appreciated. What I need is that if the folder is older than a day or 2, etc., it will either create an event or email a specific email address. Our monitoring software can monitor events and creates a ticket; it will also create a ticket from an email. If at all possible, can you help with this, and do I just run this as a batch file?

Thanks again

September 24th, 2013 10:04am

This is not a free consulting forum.  If you do not understand how to implement what is given to you, then you will need to contact a consultant to help you.  You can also learn to write scripts using the learning resources on this site.
September 24th, 2013 11:00am

My god, check you, Mr Full Of Your Own Importance!!

The guy's only asking for help, like you would have done many many many times in the past and would not have appreciated an unhelpful response like yours.

Did you understand exactly what it meant the first time you read a bit of code? Hmmm now let me see......

November 13th, 2013 11:34am

You may want to read this:

http://social.technet.microsoft.com/Forums/scriptcenter/en-US/a0def745-4831-4de0-a040-63b63e7be7ae/posting-guidelines?forum=ITCG

Nothing jrv said was off base. Perhaps not said in the gentlest tone, but still valid.

November 13th, 2013 11:37am

Sorry but it is up to you to try to understand the basics.  If you cannot understand how to run a simple script then look into the learning material. 

Read the forum guidelines. This is not a free scripting or scripts on demand forum. It is a forum for technicians and others who are using scripting or who are trying to learn scripting.

Sorry if this is not what you expected.

November 13th, 2013 11:38am

It's good to start learning PowerShell. If you are an IT admin, this is most required. I will guide you in this script.

Step 1: Read the code line by line and change the mail ID and SMTP address

# Change these values to your own mail IDs and SMTP server
$updated = $false
$from = "Monitoring Mail ID"
$to = "Monitoring Mail ID"
$SMTP = "Your Company SMTP ADDRESS or webmail URL"
$Subject = "Alert -From Sophos AntiVirus."
$body = "A file newer than 1 day old has been found."

# Flag the folder as updated if any file was written in the last two days
Get-ChildItem 'C:\Program Files (x86)\Sophos\Sophos Anti-Virus' | ForEach {
    If ($_.LastWriteTime -gt (Get-Date).AddDays(-2)) { $updated = $true }
}

# Mail is sent when a recent file is found; otherwise only a console message
If ($updated) { Send-MailMessage -From $from -to $to -SmtpServer $SMTP -Subject $Subject -Body $body }
Else { Write-Host 'New files not found' }

Step 2: Copy and Paste the Code in NotePad

Step 3: Save the File as AVAlert.PS1 in C:\Temp\

Step 4: Click Start and in search type PowerShell

Step 5: Right Click PowerShell Windows and Choose Run as Admin

Step 6: Run this code

Set-ExecutionPolicy RemoteSigned -ErrorAction SilentlyContinue

Step 7: Navigate to C:\Temp - Normal DOS Commands

Step 8: PS C:\Temp> .\AVAlert.PS1

Step 9: Push Enter

Let me know if you have any issues. As Jrv and Mike suggested, please do follow the link, and nothing is harsh while learning.

Please shout if you need assistance -

November 15th, 2013 11:19am

Placing set-execution policy inside of a script will not be of any use. Think about it. It must be set from an elevated prompt before the script is executed.

There is no need to do this for a local script that sends email.

#2 - It is probably easier to just read the log file to see if the signature update was successful. Using the folder time will allow the update to fail repeatedly and you will never know it. Only the log file tells you if the load was successful.

This is one reason why I posted that you need a consultant. Only well experienced technicians should be allowed to set up these automations to monitor security. Your script request will create a problem that can blind everyone to the lack of AV updates. This is how serious problems are induced.

The question and the proposed solution show a lack of complete understanding of how the system and programs work.

I am all in favor of admins scripting. They need to know when the request is beyond their skill set. Would you attempt brain surgery if asked?

Security compliance monitoring needs to be done by trained technicians.  A consultant would be well worth the money assuming the consultant is security certified.

November 15th, 2013 12:05pm
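
An added example, not part of any post in this thread: a check that raises an Application event when no definition file (.ide or vdl.dat) in the folder has been written within the threshold, so a monitor such as Naverisk can alert on it. The event source name, event IDs and one-day threshold are assumptions to adapt; as the last reply points out, file timestamps alone do not confirm that an update loaded successfully.

```powershell
# Added example (not from the thread). Source name, event IDs and threshold are assumptions.
$Path    = 'C:\Program Files (x86)\Sophos\Sophos Anti-Virus'
$MaxAge  = New-TimeSpan -Days 1
$Source  = 'SophosUpdateCheck'  # hypothetical event source name
$StaleId = 9001                 # hypothetical event ID: definitions are stale
$ErrorId = 9002                 # hypothetical event ID: the check itself failed

function Write-Alert([string]$Type, [int]$Id, [string]$Message) {
    Write-EventLog -LogName Application -Source $Source -EntryType $Type -EventId $Id -Message $Message
}

# Register the event source once; this needs an elevated prompt.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName Application -Source $Source
}

try {
    # Only definition files count, so unrelated writes to the folder cannot mask staleness.
    $newest = Get-ChildItem -LiteralPath $Path -ErrorAction Stop |
        Where-Object { -not $_.PSIsContainer -and ($_.Extension -eq '.ide' -or $_.Name -eq 'vdl.dat') } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
}
catch {
    # Fail closed: a missing or unreadable folder is reported, never treated as healthy.
    Write-Alert 'Error' $ErrorId "Cannot read ${Path}: $($_.Exception.Message)"
    exit 2
}

if (-not $newest) {
    Write-Alert 'Warning' $StaleId "No .ide or vdl.dat files found in $Path"
    exit 1
}

$age = (Get-Date) - $newest.LastWriteTime
if ($age -gt $MaxAge) {
    $msg = "Newest definition file {0} is {1:N1} hours old" -f $newest.Name, $age.TotalHours
    Write-Alert 'Warning' $StaleId $msg
    exit 1
}
exit 0
```

Run it from a scheduled task; the exit code (0 healthy, 1 stale, 2 check failed) gives the scheduler a second signal alongside the event.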
