Jump to content

How to locate online workstations without agent?


Recommended Posts

Rogue Detection Sensor is not an option; we have too many subnets and potential workstations are not online consistently enough for the Sensor to be useful anyway.

 

We use AD sync, but don't want to install the agent/AV on some servers, and are not ready to install to our OS X devices.

 

So we need a way to locate only Windows workstations that are 1) currently online, and 2) do not have the agent installed.

 

Our previous AV had a built in ping sweep that could identify online workstations and their OS. Does ESET have anything similar?

 

Any other ideas on how to go about this?

 

Thank you.

Link to comment
Share on other sites

  • ESET Moderators

Hello j-gray,

We have the RD Sensor specifically for this situation, but since you don't want to use it, you could look up the computers in AD using a script checking installed software.

Link to comment
Share on other sites

Hello j-gray,

We have the RD Sensor specifically for this situation, but since you don't want to use it, you could look up the computers in AD using a script checking installed software.

Thanks. It's not that I don't want to use it, it's just not viable given the number of subnets and the operating systems we have.

 

Unless I'm misinformed, the RD sensor can only be installed on Windows computers. That leaves no options for subnets that are OS X only.

 

Further, the required third-party utility (WinPcap) for the RD Sensor hasn't been under development for over 2 years. From the information on their site, it is not supported on Win8/Win10 workstations, nor Win2012 servers and is therefore approaching obsolescence.

 

In fact, WinPcap doesn't appear to be supported any longer, in general. As it has had significant vulnerabilities in the past, this is also cause for concern.

 

There needs to be a better solution.

 

*edit: latest WinPcap release from 2013 appears to support Win8 and Win2012, but no support for Win10 or Win2012 R2.

Edited by j-gray
Link to comment
Share on other sites

  • ESET Staff

Well, sorry to tell you but yes, you're misinformed.

As I can't post here due the extension png, just go to the link..

 

  hxxp://www.eset.com/int/download/business/detail/family/258/#offline,,,13,

 

You will find the sensor can be deploy in linux and windows.

 

In other hand...

Using ERAv5, some people put 1 ERA in each subnet and that ERA reports to a main one, all pc and subnet are listed.

Link to comment
Share on other sites

Well, sorry to tell you but yes, you're misinformed.

 

You will find the sensor can be deploy in linux and windows.

Apologies, I omitted Linux, as we do not use it in our environment, so is irrelevant for us.  And Linux RD is not a solution for subnets which are OS X only.

Link to comment
Share on other sites

  • ESET Staff

Ok, got it.

Yes, RD Sensor is not for OS X.

 

 

So we need a way to locate only Windows workstations that are
1) currently online, and
2) do not have the agent installed.

 

For 2:

  The problem is on the point 2, to detect the agent installed you need the RD sensor (as far as I know, anyone can correct me if I wrong).

 

For 1:

   As @TomasP says and Active Directory Script will detect online computers..

   hxxp://blogs.technet.com/b/heyscriptingguy/archive/2011/11/19/query-ad-for-computers-and-use-ping-to-determine-status.aspx

 

Thinking on the point 2, the Pc with agent installed should be reporting (if you configured properly) and at least 1 rogue detector sensor

must be deploy to find the Windows ones (those who are online and sending info).

 

Perhaps if you dislike the "mechanic" of ERAv6, you should back to ERAv5, no agents, no sensors.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...