Introduction
This guide will outline how to best monitor your customer’s Antivirus via Naverisk, in their environment on Workstations. A case study will also be provided for monitoring Bitdefender Antivirus.
This document is intended to walk through the steps of configuring the Naverisk Security Centre for Antivirus, Firewall and Anti-Spyware Monitoring. Naverisk can automatically retrieve information from the Microsoft Action Centre via the Naverisk Agent for Alerting and Reporting purposes.
Note: Only Microsoft Workstation Operating Systems Windows XP SP3 onwards are supported by the Naverisk Security Centre. For server OS there is a script pack on the routine store which you can run to connect Monitoring up.
Microsoft Server Operating Systems, Microsoft Windows Defender and Microsoft Security Essentials are not supported as Microsoft has decided that the Security Centre should only reflect third-party AV products.
To monitor Server Operating Systems or Microsoft Security Products, you will require a Device Role. Please see the Device Role guide in the Naverisk Resource Centre for further information.
1.0 Cloud Tab
In this section, we will go over how to use the Cloud tab to monitor your AV software. Bitdefender will be used as an example throughout this document.
The Cloud Tab is essentially a portal for allowing you to utilise a website within Naverisk. To get the Cloud tab configured, please navigate to the tab within your Naverisk instance and select New Cloud Space in the top right-hand corner of your screen:
Here you will need to insert the URL of the website where your AV is located. BitDefender is used in this Example:
Check the tick box for Open in New Tab as the BitDefender GarvityZone website does not support iframes. If the website that you are intending to use does not support iframes, then you will require this tick box checked.
Once configured and saved, the new Cloud space will be available:
Click Activate to open the Cloud space and this will open a new window. If you configure a website that supports iframes, the website will show within the Naverisk page:
You can now login to your GravityZone portal and manage the Antivirus Devices that you have deployed on your Clients.
2.0 The Security Centre
Naverisk can integrate into the Microsoft Windows Security centre to provide efficient Antivirus monitoring on your Workstation Devices.
This section is intended to walk through the steps of configuring the Naverisk Security Centre for Antivirus, Firewall and Anti-Spyware Monitoring. Naverisk can automatically retrieve information from the Microsoft Action Centre via the Naverisk Agent for alerting and reporting purposes.
Note: Only Microsoft Workstation Operating Systems Windows XP SP3 onwards are supported by the Naverisk Security Centre.
Microsoft Security Centre is designed to report on the status of 3rd party Antivirus applications only – it will not report on the status of Windows Defender or Microsoft Security Essentials.
To monitor Server Operating Systems or Microsoft Security Products, you will require a device role. For resources on how to perform this, please refer to the Device Role documents found in the Naverisk Resource Centre.
2.1 Naverisk Security Centre Monitoring - set up
To set up the Naverisk Security Centre follow these steps below.
Log in to Naverisk, Navigate to Settings and select the OS Templates Icon;
2. Select the appropriate client and select the 'Green Arrow' to make changes to the desired Operating System Template:
3. Within the OS Template, select the desired security services and signatures to monitor, then save the template
4. Naverisk has now picked up on BitDefender Endpoint Security for a Windows 7 workstation below.
3.0 Running Antivirus Reports
Now that the Antivirus monitoring is configured, you can generate a report that you can show to your customers. Depending on what Antivirus you use, you may be able to generate a report through that Antivirus management portal. Alternatively, Naverisk has an Antivirus Detail Report available as well as the Antivirus Summary report.
The Antivirus Detail report can be found under the Reports tab > Device > Antivirus Detail and will look like the below example:
Please bear in mind that if you have only just started monitoring a new client, there may not be any current results for that Device. Waiting at least 24 hours for data to be retrieved and logged by Naverisk should provide you with better results.
The Antivirus Summary report can be found in the Reports tab > Client Facing > Antivirus Summary. It will appear as a pie graph as per the below example:
Depending on your requirements, you may prefer the Antivirus Detail over the Antivirus Summary report.
4.0 Case Study - BitDefender Deployment
This section will outline how you can deploy Bitdefender through Naverisk. Bitdefender has been used as an example, you may be able to do this with other AV software, however, you will need to contact your AV vendor to find out the information required to accomplish this.
To deploy Bitdefender through Naverisk, follow the below steps to create a script pack to be deployed across your Devices:
Login to your Bitdefender GravityZone Portal at https://gravityzone.bitdefender.com/
Under Network in the left hand, pane click on Packages
3. Choose the package that you wish to deploy by clicking the Checkbox next to its name
4. Click on Download on the top grid
5. Choose Windows Downloader
6. Let the installer download, DO NOT RENAME THIS FILE (IMPORTANT)
7. In Naverisk, go to Settings > Script Packs
8. Click on Choose File and upload the Bitdefender installer you downloaded
9. Click on the check box for Primary to make the installer you just uploaded the primary file executed by the script pack
10. Under the Parameters section at the bottom, put /silent
11. Click Save
Now that you have created your Bitdefender Deployment script, you can either run this manually through the Devices tab or create a scheduled job to deploy this script pack at a designated time.
If you do not wish to deploy Bitdefender through Naverisk, you can use Bitdefender Remote Installation. You can find the details for this on the Bitdefender website when you first log in to the portal (as below).
4.1 Scheduling Scans and Updates
Depending on the AV software you are using to monitor your customers, you may be able to create script packs that you can execute through Naverisk to initiate a Scan or an Update. In an older release of Bitdefender, command-line switches were accepted however in the latest version of Bitdefender they have removed this functionality.
To schedule Bitdefender Updates & Scans, you will need to configure this through your Bitdefender portal which is accessible through the Cloud Tab.
In the GravityZone portal this can be done through the Policies Tab and configured to suit your needs:
Scheduled Update:
Scheduled Scan:
Once you have created your Policy for the Update and Scans, you will then need to assign it to your Devices. To do this, you will need to navigate to the Network Tab and select the Device you wish to assign the policy.
Once you have selected the Devices or group of Devices, click Assign Policy:
You can then select the appropriate policy that you wish to assign and click on Finish:
This policy will then filter down to your Bitdefender endpoints.
If you do run a different AV, we would highly recommend doing some research online about your AV product as to whether or not it accepts command-line switches. If it does, test these out to confirm that they work. Once configured, you can create a script pack in Naverisk and implemented a scheduled job to update the AV as well as the scans.
5.0 Troubleshooting
If the security centre is displaying another AV product or the one previously remove you may have remnants of the previous product. You will need to run a clean up of the previous product. To check what the system is detecting run this from Command Prompt:
wmic /namespace:\\root\SecurityCenter2 path AntiVirusProduct get * /value
Run the old products removal tool to clean up the old product.