- 1 Product Description
- 1.1 Known Versions
- 2 Software Pattern Summary
- 3 Platforms Supported by the Pattern
- 4 Identification
- 5 Versioning
- 6 Application Model Produced by Software Pattern
- 6.1 Software Pattern Model
- 6.1.1 SI Depth
- 6.1.2 Relationship Creation
- 7 Differences to 6.x approach
- 8 Subject Matter Expertise
- 9 Testing
- 10 Information Sources
- 11 Open Issues
- Discover with BMC ADDM
-
This product can be discovered by any edition of BMC Atrium Discovery and Dependency Mapping. Download our free Community Edition to try it out, or see what else it can discover!
- What is this?
- This is a product information page, containing details of the information that BMC Atrium Discovery gathers about a product and how it is obtained.
- Product Name
- VirusScan
- Publisher Page
- Category
- Release
- Change History
- Reports & Attributes
- Publisher Link
- McAfee
Product Description
McAfee has branched their VirusScan product into different products, each of them relating to a specific computing environment, whether it's home, small business, or enterprise. We have focused our attention on a product called McAfee VirusScan Enterprise, which focuses its scope on Enterprise Business, and combines virus detection and elimination, intrusion prevention and firewall technology in a single solution for PCs and file servers.
Known Versions
- 6.0
- 7.0
- 8.0
- 8.5
- 9.0
- 10.0
Software Pattern Summary
| Product Component | OS Type | Versioning | Pattern Depth |
|---|---|---|---|
| McAfee VirusScan | Windows | Package | Instance-based |
Platforms Supported by the Pattern
The pattern identifies instances of McAfee VirusScan on the Windows platform.
Identification
Software Instance Triggers
| Product Component | OS Type | Trigger Node | Attribute | Condition | Argument |
|---|---|---|---|---|---|
| McAfee VirusScan | Windows | DiscoveredProcess | cmd | matches | regex '(?i)\bvstskmgr\.exe$' |
| or | |||||
| regex '(?i)\bVirusScan[^\\]*\\scan32\.exe$' | |||||
| or | |||||
| regex '(?i)\bmcshield\.exe$' |
Simple Identification Mappings
The following processes are identified by the pattern, the identification is performed at two levels - processes listed below are identified through the use of Simple Identifiers and in addition, they are modeled within a full Software Instance for McAfee VirusScan (See Application Model Produced by Software Pattern for more details about the approach taken to model this product).
There are Simple Identifiers for the following processes:
| Component Name | OS Type | Command |
|---|---|---|
| Alert Manager | Windows | (?i)\bamgrsrvc\.exe$ |
| VirusScan Framework Service | (?i)\bframeworkservice\.exe$ | |
| VirusScan On-demand Virus Scanner process | (?i)\bVirusScan[^\\]*\\scan32\.exe$ | |
| VirusScan Shield (Internet Security On-Access scanner) | (?i)\bmcshield\.exe$ | |
| VirusScan Updater UI | (?i)\bUpdaterUI\.exe$ | |
| VirusScan Enterprise Console | (?i)\bmcconsol\.exe$ | |
| VirusScan Shstat | (?i)\bshstat\.exe$ | |
| VirusScan Task Manager | (?i)\bvstskmgr\.exe$ | |
| Error Reporting Service | (?i)\btbmon\.exe$ | |
| Common Framework Script Engine | (?i)\bmcscript_inuse\.exe$ | |
| ePolicy Orchestrator Product Manager | (?i)\bnaprdmgr\.exe$ | |
| ePolicy Orchestrator System Compliance Profiler Microsoft Patch Scan | (?i)\bptchscan\.exe$ |
Versioning
We currently collect version information for the product using one method.
Package Versioning
Foundation executes a search for the installed packages and tries to match them against the following regular expression:
- ^McAfee VirusScan
When it finds a match, it extracts the version for McAfee VirusScan from the package information. Should it match on more than one package, the version information is extracted from the first package.
Application Model Produced by Software Pattern
Software Pattern Model
The pattern triggers on one of three processes, as shown in section Software Instance Triggers.
SI Depth
The pattern creates an Instance-Based (Deep) Software Instance, as our data shows that there can only be one instance of McAfee VirusScan running on a specific host. The key it uses to identify the Instance is based on process type (McAfee VirusScan) and host key.
Relationship Creation
Prime Processes
This pattern performs a search for all the processes running on the host, and then matches them against a set of regular expressions, listed below:
| Pattern Name | Regular Expression |
|---|---|
| McAfee VirusScan | (?i)\bvstskmgr\.exe$ |
| (?i)\bVirusScan[^\\]*\\scan32\.exe$ | |
| (?i)\bmcshield\.exe$ |
All of the processes that match one of these regular expressions are then associated, as prime processes, to the Software Instance.
Related Processes
This pattern performs a search for all the processes running on the host, and then matches them against a set of regular expressions, listed below:
| Pattern Name | Regular Expression |
|---|---|
| McAfee VirusScan | (?i)\bshstat\.exe$ |
| (?i)\bframeworkservice\.exe$ | |
| (?i)\bUpdaterUI\.exe$ |
All of the processes that match one of these regular expressions are then associated, as related processes, to the Software Instance.
Differences to 6.x approach
Where Foundation 6.x used to go no further than creating a Footprint SPVI for McAfee VirusScan, Foundation v7 is now able to create an Instance-Based (Deep) Software Instance, the details of which are explained in Section SI Depth.
Subject Matter Expertise
Testing
We tested the processes related to McAfee VirusScan against record data concerning Windows platforms. This allowed us to verify that the pattern correctly triggers and versions the product with the Package method.
Information Sources
virus/file servers desktops/virusscan enterprise 80i.html McAfee VirusScan Enterprise Official Website provided valuable information as to where McAfee has directed its VirusScan product.
Open Issues
| TOP |
|---|
Created by: Edoardo 12:31, 29 October 2007 (PDT)
Reviewed by: Rebecca 11:31, 23 November 2007 (GMT)
Tideway Blog