From: Elvin H. <um...@ho...> - 2020-02-09 09:15:22
Hi all!

I'm pretty new to PacketFence and can't get WMI scans to work. I'm trying to trigger some actions based on the WMI scan result. For example, check any PC joined to the corporate network by WMI, and if a specific antivirus is not present, isolate that PC. Whatever I do, the only security event that occurs is "System scan" with id 1200001, regardless of whether the antivirus is present or not. I've created a custom security event with id 3000006 and need to trigger only this event if WMI can't find the necessary antivirus. I've created a custom WMI rule, but it doesn't work and is not even seen anywhere in the logs. I can't understand the WMI scan result and actions logic. Any help will be appreciated.

Thanks in advance!

Regards,
Elvin