Jump to content
kbyrd

Virus Scanner detection for Mac installations.

Recommended Posts

Hello everyone!

 

I am attempting to have our LT 11 environment recognize our current AV in place within the Virus Scanner box for Mac machines using Labtech. At this given point in time none of the methods of creating a Virus Scanner Definition I've tried has worked for me.

 

Have any of you been able to create a Virus Scanner definition for a Mac AV product and have it work? If so, can you please shed some insight? I have searched the forum in depth and have not found anything on this.

 

Any assistance/information is greatly appreciated!

 

Thanks,

Kevin

Share this post


Link to post
Share on other sites

The methods used for that are not supported by the mac agent. I and others have tried to work around that in the past but I'm unaware of anyone ever succeeding in getting that populated for Mac agent.

 

Sent from my SAMSUNG-SM-G930A using Tapatalk

Share this post


Link to post
Share on other sites

Well at least I know I'm not alone, thanks for this info! I'll be sure to update this if I come across a working method.

Share this post


Link to post
Share on other sites

I just thought of this idea, but it could be an option.

 

If you standardise your MAC antivirus, you could run a script to check for the antivirus, and if it is found, have it insert the AV name into the relevant SQL table for that computer ID so it shows up that AV is installed.

Share this post


Link to post
Share on other sites

For Webroot for Mac, use these settings:

 

Program Location:

/Applications/Webroot SecureAnywhere.app/Contents/info.plist

 

Definition Location:

/library/Application Support/Webroot/macdefs.wdf

 

AP Process:

WSDaemon

 

Date Mask:

(.*)

 

OS Type:

MAC

 

Name it whatever you want. This was provided to me by a LabTech support tech. I have to test how well the definition date works, but it does work properly for reporting that Webroot for Mac is installed and running.

Share this post


Link to post
Share on other sites

I also tried this with no luck myself, however the "Update Plugins" Labtech command that I would normally send on the PC side of things to have this update is showing as unsupported for Mac agents.....Resend Everything with System Inventory also did not help - any other ways I'm missing to have Labtech update this information?

Share this post


Link to post
Share on other sites

I am running the following:

 

LabTech 11 (Patch 10)

Webroot Plugin: Version 2.5.13.0

 

I just opened a Mac and it reports Webroot installed based on those settings. I'm still dicey on whether it is or isn't reporting definitions properly (for that Mac, it reported 7/27/2016, and I haven't gotten consistent definition reports from our Macs).

 

In some isolated cases, I have had to uninstall and reinstall Webroot on a given Mac to get it to report in properly.

Share this post


Link to post
Share on other sites

If anyone is using Cylance as their AV Solution, i was able to get the scanner working for macs using the below syntax.

59ec94434d380_Cylancemac.JPG.d38d894f110a535fe4de6c950f9674af.JPG

Share this post


Link to post
Share on other sites
For Webroot for Mac, use these settings:

 

Program Location:

/Applications/Webroot SecureAnywhere.app/Contents/info.plist

 

Definition Location:

/library/Application Support/Webroot/macdefs.wdf

 

AP Process:

WSDaemon

 

Date Mask:

(.*)

 

OS Type:

MAC

 

Name it whatever you want. This was provided to me by a LabTech support tech. I have to test how well the definition date works, but it does work properly for reporting that Webroot for Mac is installed and running.

 

my Mac LTagents were not updating properly previously - I have resolved this and can also confirm these settings have also worked for me at this time as well.

 

Thank you sir!

Share this post


Link to post
Share on other sites

Has anyone been able to make this work with Symantec Endpoint Protection?

This is what I found so far while reviewing the agent:

 

Program Location:

/Applications/Symantec Solutions/Symantec Endpoint Protection.app <- there is no further location

 

Definition Location:

/library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs

 

Our main target here is to have the agent report that the application is THERE as an Antivirus, so it can show on the Agent screen.

 

Thanks in advance.

Share this post


Link to post
Share on other sites

Here's one I just did for Sophos.

Name:  Sophos Antivirus OSX

Program Location:  /Applications/Sophos Anti-Virus.app/Contents/info.plist

Definition Location:  /library/Application Support/Sophos/opm/Installer.app/Contents/info.plist

AP Process:  SophosScanD

Date Mask:  (.*)

OS Type:  MAC

 

  • Like 1

Share this post


Link to post
Share on other sites
On 5/4/2017 at 8:43 AM, srogers said:

If anyone is using Cylance as their AV Solution, i was able to get the scanner working for macs using the below syntax.

59ec94434d380_Cylancemac.JPG.d38d894f110a535fe4de6c950f9674af.JPG

Is this working for anyone else?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×