Track Anti-Virus Software Versions with PDQ Inventory

Posted on Posted in PDQ Inventory, Scanning

PDQ Inventory is especially useful for keeping tabs on application information. Building dynamic collections in PDQ Inventory can answer questions like: “Are all of our devices up to date?” and “Which devices are most vulnerable right now?”. For some examples, we will use PDQ Inventory to find computers that have multiple anti-spyware applications installed and, of course, which computers have our preferred anti-spyware installed. In this example, we will use WebRoot SecureAnywhere as the preferred application.

Start by making two basic dynamic collections:

  1. A collection for your organization’s preferred anti-virus software
  2. A collection for devices with potentially unwanted anti-virus software.

The latter is important to track because no user is perfect—a hasty “whatever, just click install” mindset usually results in unwanted applications getting installed somewhere along the line. Having multiple anti-spyware applications on a single device can cause conflicts that can even result in BSODs and disabled anti-virus protection—something no admin, or even end user, wants to see.

Finding Unwanted Anti-Virus Installations

Set up an unwanted anti-virus collection to catch big-name applications that your organization does not use—just use the Any filter as shown below. It will help to add a few basic keywords to catch lesser-known or junk applications that might slip through. Experiment with application name/publisher values until you’ve covered all the bases, then uninstall unwanted applications at will!

Track Anti-Virus Software Versions

Having good anti-virus software only goes so far in keeping your organization’s devices safe. Mismanaged or undermanaged anti-virus software is a security risk.  PDQ Inventory makes it easy to track anti-virus software versions and to identify devices with out-of-date protection or other software problems.

Handling Mismatched Anti-Virus Version Counts

Sometimes, the numbers of out-of-date and up-to-date versions will not match up to the number of devices in the parent collection. For example, you might have 200 devices in the parent collection, but 175 show up with the current software version and 50 show up with older versions. Mismatched version counts could result from an updated version failing to uninstall previous versions. This would cause two or more versions show up on one device. Multiple installed versions might be something to handle on a case-by-case basis via remote uninstall commands in PDQ Inventory or with a custom uninstall package in PDQ Deploy.
There are a lot of old versions reported in the group of collections below, due in part to mismatched version counts. Old versions are especially likely to show up in larger numbers for cloud-based anti-virus applications. If the version number from cloud-based software looks like it’s severely out of date, it may just be the version number of the agent installed, not the actual update protecting the device.

aa-wrsadynamiccolls

In this case, the endpoint device can be checked to verify that it is receiving updates from the cloud. Below is how the agent version from PDQ Inventory/Programs List could differ from the cloud-based update protecting a device.

AA-WRSAEndpoint (1)

Collections for different versions are simple to make, though, especially when you put variables to use.

Maintaining Software Versions in Collections

Variables help you easily change up-to-date and out-of-date version numbers. The benefit of variables is you can change them all in one place, rather than have to edit multiple collections. I set several variables to separate the previous version from all other older versions to separate devices that failed to update once from devices that failed to update several times. Name your variables and set appropriate values, then use them in dynamic collections.

 

blog-collection-webrootlatest

Once your collections are built and you’re confident that they’re accurate, it’s time to put them to good use. Use PDQ Deploy to build a package with the most recent version of the anti-virus software your organization uses, then deploy it to the most vulnerable (out-of-date) targets.  When new versions of anti-virus software are released, all you need to do is update the variables you set in Preferences. Your dynamic collections will then reflect the changes.

Once your out-of-date anti-virus pile is down to zero, treat yourself to a little dance and then make sure other applications and plugins that affect security are up to date!

 

Disclaimer: For demonstration purposes, cloud-based software was treated as hosted/on-premise software. Keep in mind that the nature of your anti-virus software (cloud-based or hosted/on-premise) can affect how the software’s version information shows up in PDQ Inventory.



Leave a Reply

Your email address will not be published. Required fields are marked *