We are moving from VirusScan Enterprise to Endpoint Security.
One of the scripts we run checks our systems to see if they are running the latest Virus Definition Dat file. It did this by checking the date listed in the registry key found here
HKLM\Software\McAfee\AVEngine\AVDatDate
or
HKLM\Software\WOW6432Node\McAfee\AVEngine\AVDatDate
If that date was more than 5 days old the script would warn us that we would need to go check why that system was not updating.
Is there something similar with Endpoint Security 10.5.4?
NOTE: This script does a lot of checks of various other things, and combines them all into one report. I'm trying to save us the hassle of having to log into our ePO server just to check this one issue.
We don't use scripts, but checking the registry on a Windows 10 system running ENS Threat Prevention 10.5.4 I have found the registry key that mentions the AMCore version. With ENS the DATs have been replaced with AMCore. Today's AMCore version is 3340.
The registry key on my system is as follows:
HKLM\Software\McAfee\Endpoint\AV\AVCM
The key name under that is called CMajor.
We used the same technique to determine current virus definition date for VSE (reading registry). As we are upgrading to ENS, we are now unable to read the registry settings for ENS dat file version/date when logged in as non-administrator. RegQueryValue returns 'not exist'. Can't even see with regedit. There has got to be a way to programmatically retrieve current installed version.
Hi @rharper,
Thank you for your post.
May I know if you are seeing this for ENS 10.6+ versions?
If yes, may I know if you have looked at "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVSolution\DS\DS"
DWORD: dwContentMajorVersion
I have tested both the key locations on my Win 10 machines, I am able to look it up fine. I would recommend having this looked at via n SR since not being able to even view the keys seems like a problem as it is not the expected behavior.
Thanks for the response! ENS Ver 10.7. On a WIN7, HKLM\SOFTWARE\McAfee\AVSolution\DS\DS is accessible logged in as non-administrator and I am able to read key dwContentMajorVersion. On my WIN10 I am only able to see/access the above key if I log in as administrator. Otherwise the subkey AVSolution is not accessible programmatically or even viewable (using regedit) if I log in as our users do. I wonder if our dept. that sets up our WIN10 laptops has set a policy in regards to the registry?
Hi @rharper,
Thank you for your quick response. I have not tried as a non-admin user. Kindly bear with me while I test this and get back to you shortly!
Hi @rharper,
My bad, it is a typo, it must have been via "an" SR. SR here stands for Service Request.
OK. I've notified my manager that a Service Request might be needed. One of my colleagues suggested that possibly ENS might be preventing access to some McAfee registry keys in order to protect itself?
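
One way to fold the registry locations named in this thread into a single check that separates a missing key from a denied read, as an added example that is not part of any post above. `$MinimumContentVersion` is a hypothetical parameter, and treating `CMajor` as a value of the AVCM key is an assumption.

```powershell
# Added example, not from the thread. Run on the endpoint being checked.
param(
    # Hypothetical parameter: lowest content (AMCore) major version accepted as current.
    [int]$MinimumContentVersion = 0
)

# Registry locations and names quoted in the posts above.
$candidates = @(
    @{ Product = 'VSE';         Path = 'HKLM:\SOFTWARE\McAfee\AVEngine';             Name = 'AVDatDate' }
    @{ Product = 'VSE (WOW64)'; Path = 'HKLM:\SOFTWARE\WOW6432Node\McAfee\AVEngine'; Name = 'AVDatDate' }
    # Assumption: CMajor is read as a value of the AVCM key.
    @{ Product = 'ENS 10.5.4';  Path = 'HKLM:\SOFTWARE\McAfee\Endpoint\AV\AVCM';     Name = 'CMajor' }
    @{ Product = 'ENS 10.6+';   Path = 'HKLM:\SOFTWARE\McAfee\AVSolution\DS\DS';     Name = 'dwContentMajorVersion' }
)

# Record whether the check ran elevated, since the thread's results differ by account type.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

$report = foreach ($c in $candidates) {
    $status = 'OK'; $data = $null
    try {
        $data = Get-ItemPropertyValue -Path $c.Path -Name $c.Name -ErrorAction Stop
    }
    # A key hidden from the current user can come back as KeyNotFound rather than
    # AccessDenied (the thread reports 'not exist'), so both are kept distinct from OK.
    catch [System.Security.SecurityException]                  { $status = 'AccessDenied' }
    catch [System.UnauthorizedAccessException]                 { $status = 'AccessDenied' }
    catch [System.Management.Automation.ItemNotFoundException] { $status = 'KeyNotFound' }
    catch [System.Management.Automation.PSArgumentException]   { $status = 'ValueNotFound' }
    catch { $status = 'Error: ' + $_.Exception.GetType().Name }

    # Only the ENS entries hold a numeric content version; AVDatDate is left as read.
    $version = $data -as [int]
    if ($status -eq 'OK' -and $c.Name -ne 'AVDatDate' -and
        $null -ne $version -and $version -lt $MinimumContentVersion) {
        $status = 'Stale'
    }
    [pscustomobject]@{ Product = $c.Product; Name = $c.Name; Status = $status
                       Data = $data; Elevated = $elevated }
}

$report | Format-Table -AutoSize
if ($report.Status -notcontains 'OK') {
    Write-Warning 'No current definition/content version could be read on this host.'
    exit 1
}
```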