OfficeScan 10.6: Scanning/Monitoring Tool

I recently found myself using a hard-to-find OfficeScan Database scanning tool that reports any issues it finds within the OfficeScan Server application directory. I thought it would be great if I could automate/schedule the tool, but the tool is only an executable that works only in interactive mode with a GUI. Thankfully, I found that these issues are all problems that can be discovered via PowerShell script! So I created a PowerShell version of the tool.

This script scans for issues with the OfficeScan server (10.5 / 10.6), and either auto-remedies or send an email based on the seriousness of what is found. The queries are based off of what certain stand-alone tools from Trend search for when it comes to the local DB and application health of the OfficeScan server.

This is meant to be a scheduled script that runs on OSCE servers.
– Checks whether debug is enabled, and cleans old compressed 7z debug logs
– Checks whether .tmp files exist in $($TrendPath)Temp that should be cleaned up
– Checks whether .dmp files exist due to a crash dump, and send an email to DL to open a ticket with Trend if not older than 30 day dumps
– Are backups scheduled

Version History:
– v1.0 – 07/24/14

Download the script from TechNet: OfficeScan 10.6: Scanning/Monitoring Tool [Run as A Scheduled Script]

NOTE: This is not a “download and run” script. You need to modify who the mail message would be sent to (such as distribution list or individual), and the location of the scheduled script’s logging location. Works on PowerShell v2 and up!

Fragment sample from the script:

$CheckScheduledBackup = (Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\TrendMicro\Database Backup").Frequence
if ($CheckScheduledBackup -eq 0) {
  $MailMessageBody += "ALERT: Scheduled backups are NOT ENABLED. Please configure backups via the OSCE web console."

$CheckDebug = (Get-Process logserver.exe -ErrorAction SilentlyContinue)
if ($CheckDebug) {
  if (Test-Path "$($TrendPath)Log\ofcdebug*7z") {
    Stop-Process logserver.exe -Force
    $ExtraDebugLogs = Get-ChildItem $($TrendPath)Log\ofcdebug*7z
    $ExtraDebugLogsCount = $ExtraDebugLogs.Count
    Remove-Item $ExtraDebugLogs -Force
    $MailMessageBody += "ALERT: Debugging was found enabled. Logserver.exe has been stopped, and excess logs deleted." + `
    "`tThe current $($TrendPath)Log\ofcdebug.log still remains.`n"

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s