First and foremost, endpoint detection relies on the endpoint client components. Some companies disable these, not realizing what they are missing, but you haven't, right? The detection process itself is initiated by the ASP page InstallAndDetect.asp
, which fires up the detection module on the client and sends over the core detection logic (<UAG Path>\von\InternalSite\Detection.vbs
) via a special JavaScript (<UAG Path>\von\InternalSite\scripts\detection.js
). The detection VBScript is executed on the client itself, collects the various parameters, and then sends them back to the server as value sets.
As you can see in the following screenshot, this is the function that checks if Norton 360 (an Antivirus product) is installed. It checks this by using the function Whale. FileSystem.Exist
, which checks for the existence of a file on the endpoint's hard drive.
If the file is found, the result value AV_Norton360_Installed is set to true
, a Boolean
value...