2 Replies Latest reply on May 31, 2010 11:10 AM by epository

    report on Agent Wake-Up Communication Port after port change !!

    tonyharding

      Is there anywhere that i can run a report and see which agents are using what port for the Agent Wake-Up Communication Port.

       

      I have changed the Agent Wake-Up Communication Port from the standard one and redeployed the agents to most machines. I notice that I can see the Agent Wake-Up Communication Port if i look at the computer details but can not find anyway of running a report to find it out.

       

      Is there anyway of doing this ?

       

      EPO 4 by the way.

       

      many thanks

       

      Tony

        • 1. Re: report on Agent Wake-Up Communication Port after port change !!
          epository

          The Agent.ini should contain that information.......but to pull it from the network.......ek.

           

          I dont think there is any report you could do, but you could possibly do something with psexec and a batch script.

           

          Deploy this batch with psexec

           

          ::==
          @echo off
          setLocal EnableDelayedExpansion

          for /f "tokens=* delims= " %%a in (myfile) do (
          echo do my commands on %%a
          )
          ::==

          but pipe the results to a sharedrive.  Use a list of computer names or IP's in a text document to feed psexec

           

          It would looks something like this (I think)

           

          psexec -c -d @computerlist.txt readagentini.bat >> \\Sharedfolder\%computername%.txt

           

          Theoretically, this would run the batch file on each computer and dump the contents from agent.ini into a text file into the shared folder (whereever you created that).

           

          The text file generated should have the computername as the name of the text file.

           

          Then you could just use "find" to search alll of the text files to get what you needed.  It should dump the line AgentPingPort from all of your .txt files and record the name of the .txt file it pulled it from.

           

          find /i *.txt "AgentPingPort" >> pingportresult.txt

           

           

          Solution #2   - IF the port number is recorded anywhere in the registry AND IF Mcafee Access Protection will allow it......

           

          A .vbs script to pull registry keys - you would have to mod this since now it is just pulling AGENTGUID values.....


          'This will pull IP addresses out of a text file and search those IP's and write the registry key
          'to the file lame.txt.

          'You will also need a text file of IP addresses named IP_list.txt

          '**************************************************************
          'WARNING, YOU WILL HAVE TO CREATE THE FILE lame.txt BEFORE RUNNING!'
          '****************************************************************

          'it will also give you a count at the end.

          On Error Resume Next

          Const ForReading = 1
          Const ForWriting = 2

          'You will have to change the following line if you are looking at a different hive!!!

          Const HKEY_LOCAL_MACHINE = &H80000002

          Set objFSO = CreateObject("Scripting.FileSystemObject")
          Set objTextFile = objFSO.OpenTextFile _
              ("IP_list.txt", ForReading)

          strcount = 1

          Do Until objTextFile.AtEndOfStream

          strComputer = objTextFile.ReadLine

          Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

          strKeyPath = "SOFTWARE\Network Associates\ePolicy Orchestrator\Agent"

          strValueName = "AgentGUID"

          objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

          strNewText = strNewText & strComputer & " " & strValue & vbCrLf


          wscript.echo strcomputer & " " & strcount & strvalue

          Strcount = strcount + 1


          Loop

          objTextFile.Close

          Set objTextFile = objFSO.OpenTextFile _
              ("lame.txt", ForWriting)

          objTextFile.Write(strNewText)
          objTextFile.Write(strcount)

          objTextFile.Close

           

          That being said, wouldn't all of these show up as Rogues anyway?

          • 2. Re: report on Agent Wake-Up Communication Port after port change !!
            epository

            Quick update:  Havent found the port listed in the registry anywhere.

             

            No need to deploy the batch.  Use psexec like this utilizing the "type" command.....

             

            psexec -d @Computerlist.txt type "C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\agent.ini" >> \\<machinename>\<sharename>\%computername%.txt

             

             

            Try it on a few computers at first, there may be some modding with quotation marks.

             

            And you will probably have to run it with an Admin account.

             

            This should fill up that share with .txt documents named after the computers it pulled the contents of the Agent.ini file from.

             

            When complete, parse thru with "find" command.