Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 5735 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Detecting machines without Sophos

JhunBanz

Hi ,

What is the best way to detect or locate machines without running Sophos Endpoint Protection clients.?

Regards,

Jhun

:48328


This thread was automatically locked due to age.
Parents
  • 0

    I use the following vbs script to check for host that are in the Sophos DB, have not reported to the console for 3 days but are responding to a ping.

    Maybe this is what you need or otherwise you could adopt it and modify it for your use case.

    Notice that it is for a SEC 5.0 DB (we are still at that release) but I think it also works for higher versions.

    The user that executes the script must have read access to the Sophos DB.

    ' Joost Bakker
' 29-04-2011
' Script to check for hosts that have not reported to the Sophos management
' console for 3 days (or at all) but do respond to a ping.


option explicit

Dim objConnection, objRecordSet, strConnection, strDataSource, strDatabase

' define variables
' SQL server URL:
strDataSource = "sqlserver.domain.com"
' Database name:
strDatabase = "SOPHOS50"
strConnection = "Provider=SQLOLEDB;" & "Data Source=" & strDataSource & ";" & "Initial Catalog=" & strDatabase & ";" & "Integrated Security=SSPI"

'Set objects
Set objConnection = CreateObject("ADODB.Connection")
Set objRecordSet = CreateObject("ADODB.Recordset")

' Message to let user know what the script is doing
WScript.Echo "This script will check for hosts that have not reported to the Sophos management console " & vbnewline & " for 3 days (or at all) but do respond to a ping." & vbnewline & vbnewline & "This can take some time so please be patient."

' connect to DB
objConnection.Open strConnection
' Do query
objRecordSet.Open "SELECT name FROM ComputersAndDeletedComputers WHERE (LastMessageTime <= GetUTCDate() - 3 OR managed = 'false') AND Deleted = 'false' ORDER BY NAME ASC", objConnection, 3

' Loopt trough record set
objRecordSet.MoveFirst
WHILE NOT objRecordSet.EOF
	' If host reponds to ping presend user with a nice message.
	If Ping(objRecordSet("name")) = True then
		WScript.Echo  "Host " & objRecordSet("name") & " responds to a ping but has not made contact with the management server for 3 days (or at all)." & vbnewline & "Please (re)install on " & objRecordSet("name")
	else
	end if
objRecordSet.MoveNext
WEND

' Message to let user know script has ended
WScript.Echo "I'm done checking!"

' Ping host
' Return true if host responds
' Return false if host does not anwser
Function Ping(strHost)
	dim objPing, objRetStatus

	set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery ("select * from Win32_PingStatus where address = '" & strHost & "'")

	for each objRetStatus in objPing
		if IsNull(objRetStatus.StatusCode) or objRetStatus.StatusCode<>0 then
			Ping = False
		else
			Ping = True
		end if
	next
End Function
    :48444
Reply
  • 0

    I use the following vbs script to check for host that are in the Sophos DB, have not reported to the console for 3 days but are responding to a ping.

    Maybe this is what you need or otherwise you could adopt it and modify it for your use case.

    Notice that it is for a SEC 5.0 DB (we are still at that release) but I think it also works for higher versions.

    The user that executes the script must have read access to the Sophos DB.

    ' Joost Bakker
' 29-04-2011
' Script to check for hosts that have not reported to the Sophos management
' console for 3 days (or at all) but do respond to a ping.


option explicit

Dim objConnection, objRecordSet, strConnection, strDataSource, strDatabase

' define variables
' SQL server URL:
strDataSource = "sqlserver.domain.com"
' Database name:
strDatabase = "SOPHOS50"
strConnection = "Provider=SQLOLEDB;" & "Data Source=" & strDataSource & ";" & "Initial Catalog=" & strDatabase & ";" & "Integrated Security=SSPI"

'Set objects
Set objConnection = CreateObject("ADODB.Connection")
Set objRecordSet = CreateObject("ADODB.Recordset")

' Message to let user know what the script is doing
WScript.Echo "This script will check for hosts that have not reported to the Sophos management console " & vbnewline & " for 3 days (or at all) but do respond to a ping." & vbnewline & vbnewline & "This can take some time so please be patient."

' connect to DB
objConnection.Open strConnection
' Do query
objRecordSet.Open "SELECT name FROM ComputersAndDeletedComputers WHERE (LastMessageTime <= GetUTCDate() - 3 OR managed = 'false') AND Deleted = 'false' ORDER BY NAME ASC", objConnection, 3

' Loopt trough record set
objRecordSet.MoveFirst
WHILE NOT objRecordSet.EOF
	' If host reponds to ping presend user with a nice message.
	If Ping(objRecordSet("name")) = True then
		WScript.Echo  "Host " & objRecordSet("name") & " responds to a ping but has not made contact with the management server for 3 days (or at all)." & vbnewline & "Please (re)install on " & objRecordSet("name")
	else
	end if
objRecordSet.MoveNext
WEND

' Message to let user know script has ended
WScript.Echo "I'm done checking!"

' Ping host
' Return true if host responds
' Return false if host does not anwser
Function Ping(strHost)
	dim objPing, objRetStatus

	set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery ("select * from Win32_PingStatus where address = '" & strHost & "'")

	for each objRetStatus in objPing
		if IsNull(objRetStatus.StatusCode) or objRetStatus.StatusCode<>0 then
			Ping = False
		else
			Ping = True
		end if
	next
End Function
    :48444
Children
No Data
Cookie Information Banner