powershell query policy manager

Scholar

powershell query policy manager

hi guys,  I'm new to F-Secure and I was wondering whether I could use Powershell to query the policy manager somehow, or the f-secure client on the server?  The IT manager would love to have a simple script that he can simply run to check various server properties regarding all sorts of non-f-secure related settings, but also including the F-Secure AV definitions versions. Would that be possible?

15 REPLIES 15
F-Secure

Re: powershell query policy manager

Hi Krisvdv,

There are number of options to achieve what you wish:
You can use WMI: https://help.f-secure.com/product.html#business/policy-manager/14.30/en/concept_E55FFF0187A54B79B306...

 

You can fetch DB update info (if it is enough for you) from the client’s registry HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\updates
Some engines have subkeys, latest is active, you can skip older one – it is for rollback purposes

 

And the last one, a bit overcomplicated especially for powershell scripting: to fetch data directly from the Policy Manager DB. In case you switched PM to MySQL everything is more or less straightforward. In case default H2 engine is used, you need to enable ODBC connector. See page https://community.f-secure.com/t5/Business-Suite/Policy-Manager-advanced/ta-p/11869 properties odbcConnectorEnabled, odbcConnector.pgAllowOthers, odbcConnector.pgPort


Regards,
Alex

Scholar

Re: powershell query policy manager

hi Alex, thanks for the reply.

 

It seems that WMI is the way to go for us, however, I can't get it working.  Does it work only when you have PSB?  I believe we just use the F-Secure Policy Manager Console.

 

The F-Secure docs mention : 

.
Obtaining properties via WMI
Instructionson how to obtain properties via WMI.

1.
Turn on the WMIProvidersetting as follows:
  a) In the PSB portal,go to Profiles>GeneralSettings.
  b) Unde rIntegrations, turn on WMI Provider.
  c) Select Save and Publish.
  d) Go to Devices and select your device.
  e) Select Assignprofile>Assign.


2.
Open WindowsPowerShell with the administrator rights.


3.
At the command prompt,enter commands as shownbelow to retrieve,for example,the followingclassesandproperties.
• Retrievingproductversion
$product= Get-WmiObject -Namespace "root/fsecure" -ClassProduct



Superuser

Re: powershell query policy manager

go to Settings /Advanced view:
grafik.png

 

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Scholar

Re: powershell query policy manager

Ok, found it, thanks!

Scholar

Re: powershell query policy manager

So now WMI is enabled, but I still can't use it.
At a certain point I was asked confirmation to enable (through distribution) this on remote machines to which I replied with a yes.

 

Still these commands are not working, not even when connected to the server (with rdp):

 

Get-WmiObject -List | where { $_.name -match 'avdefinition'}

-> no result

 

get-wmiobject -namespace ROOT -list | where { $_.name -match 'fsecure'}
-> no result

get-wmiobject -namespace ROOT -list

-> no fsecure in the list

 

Get-WmiObject -Namespace root -class __namespace | Select-Object -Property name

-> no fsecure in the list

 

I tried all sorts of variations/combinations, but still no result.

 

 

What am I missing?

thanks,

Kris

Superuser

Re: powershell query policy manager

You have enabled WMI on the HOSTs.
But the topic of this thead is "query policy manager".

 

Now, what do you want to do?

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Scholar

Re: powershell query policy manager

I have a list of 250 Windows servers all running the F-Secure client.

We would like to know which AV Definitions versions is installed on those servers.

 

To use WMI, we need to query the servers directly, not the policy manager I believe?
(I didn't now this when I posted the original question. )

 

So subject should be :  powershell/WMI/F-Secure clients

 

Thanks.

 

 

Superuser

Re: powershell query policy manager

"Get-WmiObject -Namespace "root/fsecure" -Class Antivirus"
works fine on my end (Not sure if a reboot is needed).

check here for examples:
https://help.f-secure.com/product.html#business/psb-portal/latest/de/task_D863946C3247471F948CD82785...

But keep in mind that the ORSP Connectivity status is the more important information.
IMHO the AvUpdate status of a client is not very usefull. The age of the Updates compared to last connectionstatus is more interesting.


Performing an action on a "menat to be old" status can also be a problem, as system usually start updateing only a few minutes after bootup.

 

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de

Scholar

Re: powershell query policy manager

result is :

Get-WmiObject : Invalid namespace "root/fsecure"

So the namespace can't be found.


I have no idea how to start troubleshooting this..