I recently realized some of our PCs were running a vulnerable version of the Cisco Webex IE ActiveX plugin. More information on the vulnerability can be found here.
Support worked with me to set up a report showing all clients that have vulnerable versions (where the ieatgpc.dll is version <2.1.0.10), so I wanted to share in case others were interested.
First you need to create a new custom data class. In the console, navigate to Settings - Discovery and Inventory - Manage Custom Data Classes, and select New data class. Pick a name (I chose CiscoWebexIECheck) and select OK. Select add attribute, and add 3 total attributes, one called ComputerName, one called Path, one called Version where key/Required is set to No for all. Finally, at the bottom, check the box to "Allow multiple rows from a single computer resource." This will return results if a computer has the dll in more than spot on different rows. Your set up should look like below, select save changes. After saving changes, highlight the new custom data class, and use the hand/finger picker icon to gather the GUID and record it, you'll need it later.
Navigate over to Jobs/Tasks and create a new script task. Select script type VBScript and paste code below. The only change you need to make is toe enter your GUID in the code where it says enteryourGUIDHere.
'********************************************************************************
' NS7.x Custom inventory VBS script to scan for files with a name like ...
'********************************************************************************
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
dim nse
set nse = WScript.CreateObject ("Altiris.AeXNSEvent")
nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}" ' Don't modify this GUID
nse.Priority = 1
set objDCInstance = nse.AddDataClass ("{enteryourGUIDHere}")
set objDataClass = nse.AddDataBlock (objDCInstance)
set objDataClass = nse.AddDataBlock (objDCInstance)
Set objCIMObj = objWMIService.ExecQuery("SELECT Drive, Path, FileName, Extension, Version FROM CIM_DataFile where FileName = 'ieatgpc'")
For each objInfo in objCIMObj
set objDataRow = objDataClass.AddRow 'Add a new row
objDataRow.SetField 0, CStr(strComputerName)
fullPath = objInfo.Drive + objInfo.Path + objInfo.FileName + "." + objInfo.Extension
objDataRow.SetField 1, fullPath
objDataRow.SetField 2, objInfo.Version
Next
nse.SendQueued ' Send the NSE data to the NS server
'MsgBox nse.Xml 'Uncomment for testing on local machine
Navigate over to Reports, all reports & create a new custom sql report just entering below (substitute your custom class name if you didn't use CiscoWebexIECheck.
SELECT * FROM Inv_CiscoWebexIECheck
Now you can run your task you created against a test computer and then refresh the report to check the results. Once everything looks good, you can schedule the task (or set up a managed policy setting it to be ongoing) and check the report to make sure all supported workstations are running the dll version 2.1.0.10+.
There may be a more elegant way to do this, but this does the job. Please feel free to give feedback if there's a better way to do it. Thanks to support for working with me.