2 Replies Latest reply on Oct 25, 2010 7:40 PM by Vinod R

    FMR

    Vinod R

      Request all posters to route all feature requests on this thread. This will help all at a later point of time.

       

       

      Vinoo, first one from me

       

      1. OAS/ODS logs

           Does the current Getsusp capture and report the McAfee Product OAS?

      Reason:

      OAS/ODS will show what our DATs already know. Can come in quite handy. (Technically must be quite easy as it's merely a log from the appdata folder.)

      In most cases this would not be large (< 150 KB) unless someone has enabled verbose or there is a serious file infector on the machine.

        • 1. Re: FMR
          vinoo

          Hi Vinod,

           

          GetSusp captures the contents of the [HKEY_LOCAL_MACHINE\SOFTWARE\MCAFEE] registry key. If one were to click on the "McAfee Product Log" section under GetSusp.xml, the first few lines show the AV engine version and DAT date. (DAT version is in HEX - but the date will allow you to know if the product is up to date)

           

          [HKEY_LOCAL_MACHINE\SOFTWARE\MCAFEE\AVEngine]
          "DAT"="C:\\Program Files (x86)\\Common Files\\McAfee\\Engine\\"
          "szInstallDir64"="C:\\Program Files (x86)\\Common Files\\McAfee\\Engine\\x64\\"
          "szInstallDir32"="C:\\Program Files (x86)\\Common Files\\McAfee\\Engine\\"
          "EngineVersionMajor"=dword:00001518
          "EngineVersionMinor"=dword:00000486

          "AVDatVersion"=dword:000017fe
          "AVDatDate"="2010/10/20"

           

          If no McAfee product logs exist - it's an indication that no MFE product is running on the machine or a competitive AV product is installed.
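
The hex decoding mentioned in the reply above, as an added example that is not part of the original post or of GetSusp: a small Python parser for the registry text shown, which converts the dword values to decimal and flags an old DAT. The function names and the 7-day `max_age_days` threshold are assumptions for illustration.

```python
import re
from datetime import date

# Constructed sample: AVEngine lines as quoted in the reply, in .reg export syntax.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\MCAFEE\AVEngine]
"DAT"="C:\\Program Files (x86)\\Common Files\\McAfee\\Engine\\"
"EngineVersionMajor"=dword:00001518
"EngineVersionMinor"=dword:00000486

"AVDatVersion"=dword:000017fe
"AVDatDate"="2010/10/20"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_reg(text):
    """Parse .reg-style text into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if not m or current is None:
            continue  # blank line, or a value before any key header
        name, raw = m.groups()
        if raw.startswith('dword:'):
            current[name] = int(raw[6:], 16)  # dword values are hexadecimal
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            current[name] = raw[1:-1].replace('\\\\', '\\')  # undo .reg escaping
    return keys

def av_summary(text, today, max_age_days=7):
    """Return engine/DAT details, or None when no AVEngine key is present."""
    for path, vals in parse_reg(text).items():
        if path.upper().endswith('\\AVENGINE'):
            y, m, d = map(int, vals['AVDatDate'].split('/'))
            age = (today - date(y, m, d)).days
            return {
                'engine': f"{vals['EngineVersionMajor']}.{vals['EngineVersionMinor']}",
                'dat_version': vals['AVDatVersion'],
                'dat_age_days': age,
                'stale': age > max_age_days,  # threshold is an assumption
            }
    return None
```
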

          • 2. Re: FMR
            Vinod R

            Thanks for the reply Vinoo,

             

             

            This is what I do normally to find the DAT num, point product version and last update date:

             

            On GetSusp log > click on product details

             

            Then do a CTRL + F on the browser window, type in engver and hit OK.

            It will take the search to the REG KEY which points to the virus scan version, DAT version, last update date, etc.

             

             

            However, I could not see if OAS (On-Access Scan) logs and their entries are picked up or listed by GetSusp (I don't think it does, hence FMR...)

             

            Regards

            Vinod

             
