This morning a user had a bad install of norton and it wasn't working. It just so happened that they sent out a virus... Why didn't we think of this before???
code:
break on
:TestRealTimeAV
$AVTestJulDay = ReadProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Julian Day")
$AVTestJulDay = Val($AVTestJulDay)
$AVTestDate = ReadProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Date")
If $AVTestJulDay = 0 or ($AVTestJulDay + 30) < @YDayno
CLS
$Msg1 = "The logon script will now test your antivirus software. This is a proactive step that will be done once every 30 days on your workstation."
$Msg2 = "During the testing a Norton AntiVirus Notification dialog box should appear on your screen."
$Msg3 = "@CRLF@CRLFIf you DO receive this notification please click the 'X' in the upper right hand corner to close the notification. You will NOT need to call the help desk."
$Msg4 = "@CRLF@CRLF@CRLF ** Remember, the file that it will detect is a test file, it is NOT a real virus. **"
$Msg5 = "@CRLF@CRLF@CRLFBelow is an example of the notification message you will receive:"
$Msg6 = "@CRLF@CRLFScan type: Realtime Protection Scan@CRLFEvent: Virus Found!@CRLFVirus name: EICAR Test String"
$Msg7 = "@CRLFFile: %wINDIR%\AntiVirusCheck.chk@CRLFLocation: %WINDIR%"
$Msg8 = "@CRLFComputer: @wksta@CRLFUser: @Userid@CRLFAction taken: Clean failed : Delete succeeded : Access denied"
$Msg9 = "@CRLFDate found: @DATE @TIME"
? "Testing Antivirus Software. Please wait..."
$Msg = MessageBox("$Msg1 $Msg2 $Msg3 $Msg4 $Msg5 $Msg6 $Msg7 $Msg8 $Msg9","Company Logon Script AntiVirus Test",48)
$WriteAVTestJulDay = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Julian Day","@YDayNo")
$WriteAVTestDate = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Date","@Date")
$WritePrevAVTestJulDay = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","Previous RealTime Last Tested Julian Day","$AVTestJulDay")
$WritePrevAVTestDate = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","Previous RealTime Last Tested Date","$AVTestDate")
$WriteAntiVirusChk = Redirectoutput("%windir%\AntiVirusCheck.chk",1)
"X5O!P%@@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
$WriteAntiVirusChk = Redirectoutput("")
Sleep 5
If Exist("%windir%\AntiVirusCheck.chk") = 0
$Msg = MessageBox("Your antivirus software is working properly. If the Norton AntiVirus Notification dialog box is open please click the 'X' in the upper right hand corner to close the notification.","Company Logon Script Antivirus Test",64)
Else
beep
beep
beep
sleep 1
$Msg = MessageBox("The antivirus software on your workstation did not detect the test antivirus file! Please open a ticket with x23000.@CRLFFailure to do so WILL cause your workstation to be open to viruses.@CRLF@CRLFThis information has been logged.","Company Logon Script Antivirus Test",48)
$Log = Redirectoutput("\\logserver\database\lan\logs\norton\AVRealTimeFail.log")
? "@DATE @TIME @WKSTA @USERID failed the realtime scan test."
$Log = Redirectoutput("")
Endif
EndIf
Your thoughts?? L8tr...