05 August 2019

MSPAssist & Bitdefender Causing Erroneous "Unknown AV" Alerts on Server OS

For those of you using the MSPAssist Module with Bitdefender and struggling to stop the "Unknown AV" alerts on servers, I have a solution for you.
MSPA does not, by default, check for BD. While I have the programmer working on an update, he is struggling with a solution because of the way BD reports its version/status, etc. This is what I've done, and it works quite well:
  1. Under Policy Management -> MSPAssist Monitoring\Global Default Policies\"CORE Global Policy" - Removed the Agent Procedure "AV Master SCRIPT". (NOTE: Before removing, make note of the Schedule.) Save and Apply.
  2. Created a View called "MSPAssist - STSI - Managed Machines Not Running Bitdefender".  In this View I used the Applications setting set to "Missing application epag.exe".  This filters out anything that is running BD.   Since BD isn't checked in the MSPA logic, there's no reason to run the AV Master SCRIPT against anything that has BD installed.
  3. In the MSPAssist Monitoring\Global Default Policies container, I created a new policy called "CORE Global Policy - AV Checks", assigned the newly created View, and added the Agent Procedure "AV Master SCRIPT", making sure to use the same schedule as before.
  4. I then applied the new policy, and once the changes had all processed, I stopped getting the bogus Server - Unknown AV messages. I now only get those alerts if the "epag.exe" file is missing AND there is no other AV installed.
NOTE: DO NOT use this and expect to be notified if BD is missing from the machine. If there is any other AV installed that is supported in the MSPA scripts, it will check those AVs to see if they are up to date, and if so, no alert occurs. It will not tell you BD is not installed. You'll need to come up with separate logic for that.
As always, TEST this in your environment before deploying. Just because it works for me doesn't guarantee it will be free of defects in your environment.
