Collecting Antivirus Software Information

Collects information about antivirus programs installed on PCs and real-time virus treatment logs detected by antivirus software. Collects antivirus information from various vendors in NAC.

Antivirus can be detected via WMI queries in agentless environments. Refer to: wmi scan

• Strengthens endpoint security by collecting antivirus name, version, pattern information, real-time monitoring information, etc., from global vendors.

Antivirus Support List

Check all antivirus products supported by Genian NAC by version.

Vendor	Product Name	Product Version	Information Provided	v4.0.1x	v5.0.x
AhnLab	V3 Internet Security	7.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
AhnLab	V3 Internet Security	8.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
AhnLab	V3 Internet Security	9.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
ESTSecurity	Alyac Enterprise	2.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
ESTSecurity	Alyac Enterprise	3.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
ESTSecurity	Alyac Enterprise	4.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.146~	5.0.43~
ESTSecurity	Alyac Enterprise	5.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.146~	5.0.43~
Hauri	ViRobot	VRIS 2011	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Hauri	ViRobot Desktop	5.5	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Hauri	ViRobot	7.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Hauri	ViRobot Security 1.0	1.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.59~
INCA	nProtect Anti-Virus/Spyware	3.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
SGA Solution	VirusChaser		Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Avira	Free Antivirus	15.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date	N/S	5.0.3~
Avira	Internet Security Suite	15.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date	N/S	5.0.3~
Avira	Antivirus Pro	15.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date	N/S	5.0.3~
Avira	Endpoint Suite	15.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date	N/S	5.0.3~
Bitdefender	Antivirus Plus	23.x	Antivirus Name, Product Version, Real-time Monitoring	N/S	5.0.14~
Bitdefender	Internet Security	23.x	Antivirus Name, Product Version, Real-time Monitoring	N/S	5.0.14~
Bitdefender	Total Security	23.x	Antivirus Name, Product Version, Real-time Monitoring	N/S	5.0.14~
Cylance	PROTECT	2.0.1420.13	Antivirus Name, Product Version, Real-time Monitoring	4.0.106~	5.0.24~
CrowdStrike	CrowdStrike FALCON Sensor		Antivirus Name, Product Version, Real-time Monitoring	N/S	5.0.29~
ESET	NOD32 Antivirus	9.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.3~
ESET	NOD32 Antivirus	12.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.3~
ESET	Endpoint Security	12.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.3~
ESET	Internet Security	12.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.3~
ESET	Smart Security	12.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.3~
F-Secure	F-Secure Anti-Virus	17.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.15~
Kaspersky	Antivirus		Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Kaspersky	Endpoint Security	11.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
McAfee	Desktop Protection		Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
McAfee	Total Protection (VirusScan)	22.3	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.24~
McAfee	Endpoint Security	10.6.0.542	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring	4.0.106~	5.0.24~
Microsoft	Security Essentials		Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.3~
Microsoft	Forefront		Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Microsoft	System Center		Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	N/S	5.0.3~
Microsoft	Windows Defender		Antivirus Name, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Panda Security	Panda Endpoint Protection Plus	8.0.15	Antivirus Name, Product Version, Current Pattern Date (Last Update Date), Real-time Monitoring	N/S~	5.0.30~
Sophos	Home	1.3.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring	N/S	5.0.17~
Sophos	Endpoint	2.1.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring	N/S	5.0.17~
Symantec	Endpoint Protection	12.x	Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring, Last Scan Time	4.0.106~	5.0.3~
Trend Micro	OfficeScan	10.x	Antivirus Name, Current Pattern Version Name, Current Pattern Date	4.0.106~	5.0.3~
Trend Micro	APex One		Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring	N/S	5.0.42~
Check Point	Endpoint security		Antivirus Name, Product Version, Current Pattern Version Name, Current Pattern Date, Real-time Monitoring	N/S	5.0.42~
엑소스피어	엑소스피어랩스		Antivirus Name, Product Version, Current Pattern Version Name, Real-time Monitoring, Last Scan Time	N/S	5.0.58~
SentinelOne	Sentinel Agent		Antivirus Name, Product Version, Real-time Monitoring	5.0.74~

Antivirus Information Collection

1. Go to Policy in the top menu.
2. In the left Policy menu, go to Policy > Node Policy > Node Action.
3. In the Node Action management window, find and click Antivirus Information Collection.

Below are Basic Settings.

1. For CWP Message, add a message to display according to the policy.
2. For Label, adding a label allows you to categorize the plugin with a custom label displayed in the "Description" input field.

Below are Action Execution Settings.

1. In Antivirus Information Scan Cycle, define the cycle for scanning antivirus information. (Seconds - Hours)
2. Real-time Monitoring OFF Hold Count is set so that real-time monitoring is reported as Off only when it is collected as Off for a certain number of consecutive times.
3. Set Antivirus Integration to On to enable the antivirus software integration function.
   • In Treatment Audit Log, select whether to audit logs for treated viruses.
   • Duplicate Log Exclusion Time sets the time during which identical logs for viruses are not recorded. (Minutes - Hours)
   • Select Force Real-time Monitoring as Off to disable real-time scanning.
   • Force Scan forcibly performs a scan if the last virus scan time is older than the set cycle. (Hours - Months / 0 means not performed)
   • For Scan Method, select Full Scan.
   • Set Hide Scan Window UI to On to hide the virus scan window UI from the user.
   • Force Update forcibly performs an update if the last antivirus engine update time is older than the set cycle. (Hours - Months)
4. Click the Modify button.
5. In the left Policy menu, go to Node Policy.
6. Click the Node Policy you wish to apply.
7. Find Node Action Settings and click Assign.
8. In the Available items, find Antivirus Information Collection and drag it to the Selected items.
9. Click the Add button.
10. Click the Modify button.