Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 4276 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to run a program after scan is finished?

strubbel

Currently we run Sophos scans on the client machines during work hours. Because this slows machines down, we want to scan the machines nightly. Waking up the machines is not a big point, but because on some machines scans run fast and on others they might need hours, I wonder how we can manage that a program (shutdown) is run after the scan job has finished?

I assume others do nightly scans with shut downs, too?

:20415


This thread was automatically locked due to age.
Parents
  • 0

    Hello strubbel,

    while I don't need this functionality it poses an interesting challenge. What would Gyro Gearloose (or Daniel Düsentrieb) do? Well, here's some pieces of VBS code cobbled together.I've done only rudimentary testing so use at your own risk. The shutdown is not implemented - I leave this to you (you should perhaps put in some safeguards). The script should be started before the scan. The are two places marked  ===== configure ===== (you can guess why).

    ' --------- 
' the name of the log is usually the name of the scan
' (unless the file is locked, then a number is appended
'  the script does not check for this)
' ===== configure ===== 
    strScanname = "Scan all" 
    strScanlog = SAVLogDir() & strScanname & ".txt" 
strScanended = "whoops"
blnScanrunning = FALSE 
strComputer = "." 
     
Set objWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 
strQuery = "SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE " _
           & "TargetInstance ISA 'CIM_DataFile' AND " _
           & "TargetInstance.Name='" & strScanlog & "'"

' check every 10 seconds for an event 
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
  ("SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE " _
  & "TargetInstance ISA 'CIM_DataFile' AND " _
  & "TargetInstance.Name='" & strScanlog & "'")

Do
  Set objLatestEvent = colMonitoredEvents.NextEvent
  intNSize = objLatestEvent.TargetInstance.FileSize
  intOSize = objLatestEvent.PreviousInstance.FileSize
  If blnScanrunning Then
     strScanended = ScanStatus(strScanname, strScanlog)
     If strScanended <> "not run" Then
        Exit Do
     End If 
  Else
     blnScanrunning = blnScanrunning OR (IntNSize <> intOSize)
  End If
  
Loop

' If we get here, the scan has finished
' and we can shut down 
Wscript.Echo strScanended & ", proceed to shutdown"
'---------------------
'---------------------
' Function ScanStatus aborted completed
Function ScanStatus (strName, strLog)

Const ForReading = 1
ScanStatus = "not run"

Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' localize the below two lines as needed
' ===== configure ===== 
    strAborted   = "Scan '" & strName & "' aborted"       
strCompleted = "Scan '" & strName & "' completed"

Set objFile = objFSO.OpenTextFile(strLog, ForReading, FALSE, vbUseDefault)
strContents = objFile.ReadAll
objFile.Close

If InStr(1, strContents, strCompleted, vbTextCompare) Then
    ScanStatus = strCompleted
End If

If InStr(1, strContents, strAborted, vbTextCompare) Then
    ScanStatus = strAborted
End If

Set objFSO = nothing

End Function

'---------------------
' Read the SAV Log directory location from the registry
Function SAVLogDir

Const HKEY_LOCAL_MACHINE = &H80000002
strRootKeyPath = "SOFTWARE"
strSubKeyPath = "SOFTWARE\Sophos\SAVService\Application"

Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

objRegistry.EnumKey HKEY_LOCAL_MACHINE, strRootKeyPath, arrRootSubKeys
For each objRootSubKey in arrRootSubKeys
  If (objRootSubKey="Wow6432Node") Then
    blnIs64 = TRUE
  End If
Next
If blnIs64 Then
     strSubKeyPath = "SOFTWARE\Wow6432Node\Sophos\SAVService\Application"
End If

objRegistry.GetStringValue HKEY_LOCAL_MACHINE, strSubKeyPath, "LogDir", strLogDir
SAVLogDir = replace(strLogDir,"\","\\") & "\\"

Set objRegistry = nothing

End Function

     
    Christian

    :21037
Reply
  • 0

    Hello strubbel,

    while I don't need this functionality it poses an interesting challenge. What would Gyro Gearloose (or Daniel Düsentrieb) do? Well, here's some pieces of VBS code cobbled together.I've done only rudimentary testing so use at your own risk. The shutdown is not implemented - I leave this to you (you should perhaps put in some safeguards). The script should be started before the scan. The are two places marked  ===== configure ===== (you can guess why).

    ' --------- 
' the name of the log is usually the name of the scan
' (unless the file is locked, then a number is appended
'  the script does not check for this)
' ===== configure ===== 
    strScanname = "Scan all" 
    strScanlog = SAVLogDir() & strScanname & ".txt" 
strScanended = "whoops"
blnScanrunning = FALSE 
strComputer = "." 
     
Set objWMIService = GetObject("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 
strQuery = "SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE " _
           & "TargetInstance ISA 'CIM_DataFile' AND " _
           & "TargetInstance.Name='" & strScanlog & "'"

' check every 10 seconds for an event 
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
  ("SELECT * FROM __InstanceModificationEvent WITHIN 10 WHERE " _
  & "TargetInstance ISA 'CIM_DataFile' AND " _
  & "TargetInstance.Name='" & strScanlog & "'")

Do
  Set objLatestEvent = colMonitoredEvents.NextEvent
  intNSize = objLatestEvent.TargetInstance.FileSize
  intOSize = objLatestEvent.PreviousInstance.FileSize
  If blnScanrunning Then
     strScanended = ScanStatus(strScanname, strScanlog)
     If strScanended <> "not run" Then
        Exit Do
     End If 
  Else
     blnScanrunning = blnScanrunning OR (IntNSize <> intOSize)
  End If
  
Loop

' If we get here, the scan has finished
' and we can shut down 
Wscript.Echo strScanended & ", proceed to shutdown"
'---------------------
'---------------------
' Function ScanStatus aborted completed
Function ScanStatus (strName, strLog)

Const ForReading = 1
ScanStatus = "not run"

Set objFSO = CreateObject("Scripting.FileSystemObject")
    ' localize the below two lines as needed
' ===== configure ===== 
    strAborted   = "Scan '" & strName & "' aborted"       
strCompleted = "Scan '" & strName & "' completed"

Set objFile = objFSO.OpenTextFile(strLog, ForReading, FALSE, vbUseDefault)
strContents = objFile.ReadAll
objFile.Close

If InStr(1, strContents, strCompleted, vbTextCompare) Then
    ScanStatus = strCompleted
End If

If InStr(1, strContents, strAborted, vbTextCompare) Then
    ScanStatus = strAborted
End If

Set objFSO = nothing

End Function

'---------------------
' Read the SAV Log directory location from the registry
Function SAVLogDir

Const HKEY_LOCAL_MACHINE = &H80000002
strRootKeyPath = "SOFTWARE"
strSubKeyPath = "SOFTWARE\Sophos\SAVService\Application"

Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

objRegistry.EnumKey HKEY_LOCAL_MACHINE, strRootKeyPath, arrRootSubKeys
For each objRootSubKey in arrRootSubKeys
  If (objRootSubKey="Wow6432Node") Then
    blnIs64 = TRUE
  End If
Next
If blnIs64 Then
     strSubKeyPath = "SOFTWARE\Wow6432Node\Sophos\SAVService\Application"
End If

objRegistry.GetStringValue HKEY_LOCAL_MACHINE, strSubKeyPath, "LogDir", strLogDir
SAVLogDir = replace(strLogDir,"\","\\") & "\\"

Set objRegistry = nothing

End Function

     
    Christian

    :21037
Children
No Data
Cookie Information Banner