

Therefore, if the pattern triggers on smc.exe, it stops immediately if the "Symantec EndPoint Protection" package is not present. Note that smc.exe is also a valid trigger process for Sygate Firewall. The pattern therefore also triggers on smc.exe. The executable file of the Windows service also changed to smc.exe. Symantec Anti Virus was renamed Symantec Endpoint Protection Client in version 11. Symantec Anti Virus versions prior to version 11 ran as a Windows service: rtvscan.exe.

Following is the basic deployment model for this product

Application Model Produced by Software Pattern Pattern Trigger SymantecAV.

The client is used to monitor policies and automate policy compliance activities.

Symantec Endpoint Protection Client - Software that is deployed to networked computers.

Symantec Endpoint Protection Manager - The management server that is used to configure clients, reports, and alerts.

Symantec Endpoint Protection contains four main architectural components:

Versioning for Symantec Endpoint Protection Client is obtained by the path of the trigger process using the regex

Versioning is achieved to either x.x.x or x.x.x.x depth using this approach.

The package name that is searched for commences with one of the following:

For Symantec Endpoint Protection Manager, the package versioning is done using the following package entry

Versioning is obtained by reading package information on Windows.

If the path to the trigger process is fully qualified, the pattern attempts to extract version information using the WMI query:

All these methods are tried in an order of precedence based on likely success and/or depth of the version information that can be gathered. Version information for the product is currently collected using one of four possible methods.

Symantec Endpoint Protection Client process
