Takin’ matters into my own hands: Sunbelt’s CounterSpy

I’ve been playing with Sunbelt Software’s CounterSpy lately. I think the product does what it claims to do fairly well; however, the management console is somewhat lacking.

I ended up writing my own CounterSpy inventory scanner to extract CounterSpy configurations from target systems. I can use this scanner to easily determine which systems need to be updated with either a new client or new CounterSpy definitions.

I admit that I was excited when I came across the SBAMCommandLineScanner.exe utility. I thought, “Sweet, I can just use this little guy to find out the agent version, definition version, apply new updates, etc.” Unfortunately, I froze the CounterSpy service on two of my lab systems when I attempted to use this utility to A) extract the definitions version, and B) apply new definitions.

Anyway, I digress. Here is an easy way to extract the following information from CounterSpy agents.

To find out which CounterSpy Policy Service Server is assigned to a target, go to the Registry path HKLM\SOFTWARE\SBAMSvc. The value of “PolicyServiceMachineName” will be your CounterSpy server.

To find out the version of the CounterSpy agent, go to HKLM\Software\Sunbelt Software\Sunbelt Enterprise Agent and select (no surprise) “Version”. I also use this location to extract the “InstallPath” value of Sunbelt.

To find out the current definitions version, I append the “Definitions” directory to the InstallPath value I extracted from the registry. For most of my systems the value is

C:\Program Files\Sunbelt Software\SBEAgent\Definitions

I parse the DefVer.txt file to extract the Definitions version as well as the date the new defs were applied.
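The steps above gathered into one PowerShell function, as an added example rather than the post’s own scanner. It assumes DefVer.txt contains a “Version=” line and a “Date=” line (the real layout is not shown in the post), and that the Remote Registry service and the C$ admin share are reachable on remote hosts.

```powershell
# Added example, not the post's own scanner. Assumptions: DefVer.txt holds a
# "Version=<defs version>" line and a "Date=<applied date>" line; the Remote
# Registry service and the C$ admin share are reachable on remote hosts.
function Get-CounterSpyInventory {
    [CmdletBinding()]
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        $info = [ordered]@{
            Computer = $computer; PolicyServer = $null; AgentVersion = $null
            InstallPath = $null; DefVersion = $null; DefDate = $null; Error = $null
        }
        try {
            # Read the registry directly: no SBAMCommandLineScanner process to hang.
            $hklm  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $svc   = $hklm.OpenSubKey('SOFTWARE\SBAMSvc')
            if ($svc) { $info.PolicyServer = $svc.GetValue('PolicyServiceMachineName') }

            $agent = $hklm.OpenSubKey('SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent')
            if ($agent) {
                $info.AgentVersion = $agent.GetValue('Version')
                $info.InstallPath  = $agent.GetValue('InstallPath')
            }

            if ($info.InstallPath) {
                $defVer = Join-Path $info.InstallPath 'Definitions\DefVer.txt'
                if ($computer -ne $env:COMPUTERNAME) {
                    # C:\... -> \\host\C$\... so the same read works remotely ($$ is a literal $).
                    $defVer = "\\$computer\" + ($defVer -replace '^([A-Za-z]):', '$1$$')
                }
                foreach ($line in Get-Content -Path $defVer -ErrorAction Stop) {
                    if ($line -match '^\s*Version\s*=\s*(.+?)\s*$') { $info.DefVersion = $Matches[1] }
                    elseif ($line -match '^\s*Date\s*=\s*(.+?)\s*$') { $info.DefDate = $Matches[1] }
                }
            } else {
                $info.Error = 'Sunbelt Enterprise Agent key not found'
            }
        } catch {
            # Keep going with the next host; record why this one failed.
            $info.Error = $_.Exception.Message
        }
        [pscustomobject]$info
    }
}

# Usage: Get-CounterSpyInventory -ComputerName host1, host2 | Export-Clixml inventory.xml
```

Hosts where the agent key is missing or the file is unreadable still produce a row, with the reason in the Error column, so the output doubles as a list of systems that need attention.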

You can also run the utility “SBAMCommandLineScanner.exe” and then extract the output; however, as I mentioned earlier, I ran into problems where this very simple command wouldn’t return at all, and within a few minutes the CounterSpy service was hanging. Since I ultimately want to have this data extracted automatically via an inventory scan, the last thing I want is to run an external process (SBAMCommandLineScanner) that doesn’t return control.

Here is the very simple output of my utility. (I actually have it output into XML, which ultimately goes into my database; however, I modified the output for this example.) It gives me a one-stop shop for my desired data.

[Screenshot: CounterSpy inventory scanner output]

CounterSpy really has proven to be a great product for finding and killing Adware and Malware. I just needed to streamline the available management capabilities a little bit.