Is there a way to determine the AMCore content version from the registry or file system?
Yes. Perform the following steps: • From the registry: 1. Navigate to the following registry key: [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVSolution\DS\DS]\ 2. Convert the major and minor version from hexadecimal to decimal. In the following example, the version is 2556.0. "dwContentMajorVersion"=dword:000009fc (000009fc is 2556 in decimal) "dwContentMinorVersion"=dword:00000000 (00000000 is 0 in decimal)
With ENS 10.5.0 (and later) and ENS 10.2.1 (and later), the following date and time registry keys are also present. In the following example, the AMCore content was built on March 22, 2017 at 08:44:00 GMT.
"szContentCreationDate"=reg_sz:"2017-03-22" (formatted date yyyy-mm-dd) "szContentCreationTime"=reg_sz:"08:44:00" (formatted time hh:mm:ss)
From the file system (if managed by ePolicy Orchestrator): Locate the value of AvManifestVersion in the file C:\Program Files\McAfee\Endpoint Security\Threat Prevention\AvContentMgr.xml. In the following example, the version is 2591.0: 2591.0