How to find Dell Security vulnerability Dbutil_2_3.sys using Symantec Inventory Solution

There a multiple options to report which computers are affected by the vulnerability.

  1. Option: Use Custom Inventory to report on the affected Computers – Symantec created a KB with a Custom Inventory Script that can be used.
  2. Option: Use the Build-in Inventory File Scan to report on the affected Computers
    In the SMP Console navigate to Manage -> Policies -> Discovery and Inventory -> Inventory and create a new Policy -> configure a Custom schedule
check File properties – manufactuter, version, size, internal name, etc.

Click Advanced and click on File Properties Scan Settings

uncheck all Dataclasses
On the Folders Tab add Folder C:\users and C:\windows\temp
On the Files Tab create a new File rule with the FileName equals dbutil_2_3.sys
If a Computer is affected you will find the Data in the Installed File Details Dataclass

Use this SQL Query to create a Report on the affected Computers

If you want to create a Report just copy the SQL Query
select vc.name, vc.[user], fd.Name, fd.Path
from vcomputer vc
inner join Inv_Installed_File_Details fd
on vc.Guid = fd._ResourceGuid
where fd.Name like 'dbutil%.sys'

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden /  Ändern )

Google Foto

Du kommentierst mit Deinem Google-Konto. Abmelden /  Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )

Verbinde mit %s