
Takin’ matters into my own hands: Sunbelt’s CounterSpy

Shane Corellian

I’ve been playing with Sunbelt Software’s CounterSpy lately. I think the product does what it claims to do fairly well; however, the management console is somewhat lacking.

I ended up writing my own CounterSpy inventory scanner to extract CounterSpy configurations from target systems. I can use this scanner to easily determine which systems need to be updated with either a new client or new CounterSpy definitions.

I admit that I was excited when I came across the SBAMCommandLineScanner.exe utility. I thought, “Sweet, I can just use this little guy to find out the agent version, definition version, apply new updates, etc.” Unfortunately, I froze the CounterSpy service on two of my lab systems when I attempted to use this utility to A) extract the definitions version, and B) apply new definitions.

Anyway, I digress. Here is an easy way to extract the following information from CounterSpy agents.

To find out which CounterSpy Policy Service Server is assigned to a target, go to the Registry path HKLM\SOFTWARE\SBAMSvc. The value of “PolicyServiceMachineName” will be your CounterSpy server.

To find out the version of the CounterSpy agent, go to HKLM\Software\Sunbelt Software\Sunbelt Enterprise Agent and select (no surprise) “Version”. I also use this location to extract the install path of Sunbelt.

To find out the current definitions version I append the “Definitions” directory to the InstallPath value I extracted from the registry. For most of my systems the value is

C:\Program Files\Sunbelt Software\SBEAgent\Definitions

I parse the DefVer.txt file to extract the Definitions version as well as the date the new defs were applied.
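The three lookups above can be collected in one read-only pass that never launches an external process. The following PowerShell is an added example, not the author's scanner: the function names and output fields are hypothetical, checking both registry views is an assumption about 32-bit agents on 64-bit Windows, and DefVer.txt is returned unparsed because the post does not show its layout.

```powershell
# Added example: read-only CounterSpy agent inventory for the local machine.
# Registry paths and value names are the ones named in the post; the function
# names and output fields are hypothetical.
function Get-RegValue {
    param([string]$SubKey, [string]$Name)
    # Assumption: a 32-bit agent on 64-bit Windows lands under WOW6432Node,
    # so try the 64-bit view first and fall back to the 32-bit view.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine,
            [Microsoft.Win32.RegistryView]$view)
        try {
            $key = $base.OpenSubKey($SubKey)      # opens read-only
            if ($key) {
                $value = $key.GetValue($Name)
                $key.Close()
                if ($null -ne $value) { return $value }
            }
        } finally { $base.Close() }
    }
    return $null                                  # key or value not present
}

function Get-CounterSpyInventory {
    $agentKey    = 'SOFTWARE\Sunbelt Software\Sunbelt Enterprise Agent'
    $installPath = Get-RegValue $agentKey 'InstallPath'
    $result = [ordered]@{
        ComputerName  = $env:COMPUTERNAME
        PolicyServer  = Get-RegValue 'SOFTWARE\SBAMSvc' 'PolicyServiceMachineName'
        AgentVersion  = Get-RegValue $agentKey 'Version'
        InstallPath   = $installPath
        DefVerContent = $null
        DefVerWritten = $null
    }
    if ($installPath) {
        $defVer = Join-Path (Join-Path $installPath 'Definitions') 'DefVer.txt'
        if (Test-Path -LiteralPath $defVer) {
            # Raw file content; the post does not describe the file's format.
            $result.DefVerContent = (Get-Content -LiteralPath $defVer) -join '; '
            # File timestamp only, not the applied date parsed from the file.
            $result.DefVerWritten = (Get-Item -LiteralPath $defVer).LastWriteTime
        }
    }
    [pscustomobject]$result   # null fields mean the agent data was not found
}

Get-CounterSpyInventory
```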

You can also run the utility “SBAMCommandLineScanner.exe” and then extract the output; however, as I mentioned earlier, I ran into problems where this very simple command wouldn’t return at all and within a few minutes the CounterSpy service was hanging. Since I ultimately want to have this data extracted automatically via an inventory scan, the last thing I want is to run an external process (SBAMCommandLineScanner) that doesn’t return control.

Here is the very simple output of my utility. (I actually have it output into XML, which ultimately goes into my database; however, I modified the output for this example.) It gives me a one-stop shop for my desired data.

CounterSpy really has proven to be a great product for finding and killing Adware and Malware. I just needed to streamline the available management capabilities a little bit.
