GetSusp captures the contents of the [HKEY_LOCAL_MACHINE\SOFTWARE\MCAFEE] registry key. If one were to click on the "McAfee Product Log" section under GetSusp.xml, the first few lines show the AV engine version and DAT date. (DAT version is in HEX - but the date will allow you to know if the product is up to date)
"DAT"="C:\\Program Files (x86)\\Common Files\\McAfee\\Engine\\"
"szInstallDir64"="C:\\Program Files (x86)\\Common Files\\McAfee\\Engine\\x64\\"
"szInstallDir32"="C:\\Program Files (x86)\\Common Files\\McAfee\\Engine\\"
If no McAfee product logs exist - it's an indication that no MFE product is running on the machine or a competitive AV product is installed.
Thanks for the reply Vinoo,
This is what I do normally to find the DAT num , point product version and last update date
On Getsusp log > click on product details
Then do a do a CTRL + F on the browser window and then type in engver and hit ok
it will take the search to the REG KEY which points to the virus scan version , DAT version , Last update date etc..
However I could not see if OAS( On access Scan) logs and there entries is picked up or listed by getsusp ( i don;t think it does hence FMR ... )