cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 12

Endpoint Security 10.5.4 determine virus definition date

We are moving from VirusScan Enterprise to Endpoint Security.

One of the scripts we run checks our systems to see if they are running the latest Virus Definition Dat file. It did this by checking the date listed in the registry key found here
HKLM\Software\McAfee\AVEngine\AVDatDate
or
HKLM\Software\WOW6432Node\McAfee\AVEngine\AVDatDate

If that date was more than 5 days old the script would let warn us that we would need to go check why that system was not updating.

Is there something similar with EndPoint Security 10.5.4?

NOTE: This script does a lot of checks of various other things, and combines them all into one report, I'm trying to save us the hassel of having to log into our ePO server just to check this one issue.

11 Replies
twenden
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

We don't use scripts but checking the registry key on a Windows 10 system running ENS Threat Prevention 10.5.4 I have found the registry key that mentions the AMCore version. With ENS the DATs have been replaced with AMCore. The today's AMCore version is 3340.

The registry key on my system is as follows:

HKLM\Software\McAfee\Endpoint\AV\AVCM

The key name under that is called CMajor. 

 

 

rharper
Level 8
Report Inappropriate Content
Message 3 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

We used the same technique to determine current virus definition date for VSE (reading registry).  As we are upgrading to ENS, we are now unable to read the registry settings for ENS dat file version/date when logged in as non-administrator.   RegQueryValue returns 'not exist'.  Can't even see with regedit.  There has got to be a way to programmatically retrieve current installed version.

rharper
Level 8
Report Inappropriate Content
Message 4 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

Forgot to mention that this is only happening on WIN10 laptops. Can read the needed registry values on WIN7 laptops.
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

Hi @rharper,

Thank you for your post.

May I know if you are seeing for ENS 10.6 + versions?

If yes, May I know if you have looked at "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVSolution\DS\DS"

DWORD: dwContentMajorVersion

I have tested both the key locations on my Win 10 machines, I am able to look it up fine. I would recommend having this looked at via n SR since not being able to even view the keys seems like a problem as it is not the expected behavior.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
rharper
Level 8
Report Inappropriate Content
Message 6 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

Thanks for the response!  ENS Ver 10.7.  On a WIN7 HKLM\SOFTWARE\McAfee\AVSolution\DS\DS is accessible logged in as non-administrator and I am able to read key dwContentMajorVersion.   On my WIN10 only able to see/access above key if I login as administrator.  Otherwise the subkey AVSolution is not accessible programmatically or even viewable (using regedit) if I log in as our users do.  I wonder if our dept. that sets up our WIN10 laptops have set a policy in regards to the registry? 

AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

Hi @rharper,

Thank you for your quick response. I have not tried as a non admin user. Kindly please bear with me while I test this and get back top you shortly!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
rharper
Level 8
Report Inappropriate Content
Message 8 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

... and what is 'via n SR '?
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

Hi @rharper,

My bad, It is a Typo, it must have been via "an" SR. Sr here stands for Service Request.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
rharper
Level 8
Report Inappropriate Content
Message 10 of 12

Re: Endpoint Security 10.5.4 determine virus definition date

OK.  I've notified my manager that a Service Request might be needed.  One of my colleagues suggested that possibly ENS might be preventing access to some McAfee registry keys in order to protect itself?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community