How to Verify a Successful UE-V Installation
To validate the service:
Run sc query uevagentservice
If the service is running you should get confirmation along the following lines (the key is that the service’s state is ‘RUNNING’):
c:\>sc query uevagentservice
SERVICE_NAME: uevagentservice
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
To validate the UE-V Agent Driver:
Run sc query uevagentdriver
If the driver is running you should get confirmation along the following lines:
c:\>sc query uevagentdriver
SERVICE_NAME: uevagentdriver
TYPE : 2 FILE_SYSTEM_DRIVER
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
To validate the Agent DLL is being loaded by monitored processes:
- Load a program whose settings are configured to roam (e.g. Notepad.exe)
- Download and install Process Explorer from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
- In Process Explorer, click on View, then Show Lower Pane
- In Process Explorer, click on View, then Lower Pane View then DLLs
- Click to select Notepad.exe in the process list in the top pane of Process Explorer
- Verify that Microsoft.Uev.AppAgent.dll is listed in the lower pane of Process Explorer. This validates that UE-V has been successfully injected into the Notepad.exe process.
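
The three manual checks above can also be scripted. The following PowerShell is an added example, not part of the original page or of UE-V itself: the function names are hypothetical, the service, driver and DLL names are the ones given above, and it assumes English `sc.exe` output and that Notepad is already running.

```powershell
# Added example: scripted form of the three checks on this page.
# Function names are hypothetical; service/driver/DLL names come from the page.

function Get-ScState {
    param([Parameter(Mandatory)][string]$Name)
    # Call sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
    $output = & sc.exe query $Name 2>&1
    if ($LASTEXITCODE -ne 0) { return 'NOT_FOUND' }
    foreach ($line in $output) {
        # Matches a line such as "STATE : 4 RUNNING" and returns the state word.
        if ("$line" -match '^\s*STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    }
    return 'UNKNOWN'
}

function Test-UevAgentDll {
    param([string]$ProcessName = 'notepad')
    $dll   = 'Microsoft.Uev.AppAgent.dll'
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) { return $null }   # process not running, nothing to inspect
    foreach ($p in $procs) {
        $mods = @()
        # The module list can be unreadable for another user's process
        # or when the bitness of PowerShell and the target differ.
        try { $mods = @($p.Modules) } catch { }
        if ($mods | Where-Object { $_.ModuleName -ieq $dll }) { return $true }
    }
    return $false
}

# One summary object: both states should read RUNNING and the DLL check $true.
[pscustomobject]@{
    Service           = Get-ScState -Name 'uevagentservice'
    Driver            = Get-ScState -Name 'uevagentdriver'
    AgentDllInNotepad = Test-UevAgentDll -ProcessName 'notepad'
}
```

An empty `AgentDllInNotepad` value means no Notepad process was found, which is different from `False` (Notepad is running without the agent DLL loaded).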