5 Replies Latest reply on Feb 13, 2009 6:56 AM by rajeshpv

    How to programmatically track 1.On-Access Scanner 2.Buffer Overflow Protection setting

      Hi,
      We have our own patent tool which monitors a few system configurations, among which are McAfee On-Access Scanner and Buffer Overflow Protection.
      So can you help us understand how to track those settings programmatically?

      What do we need exactly?


      • How can we programmatically find the values of On-Access Scanner (Enabled/Disabled)

      • How can we programmatically find the value of Buffer Overflow Protection (Enabled/Disabled)

      • How to programmatically identify McAfee (8.0 and higher versions are installed on a machine)



      Any help is highly appreciated

      Thanks
      rajesh pv
        • 1. How to programmatically track 1.On-Access Scanner 2.Buffer Overflow Protection setting
          Hi everybody,

          Can anyone help me reach the concerned group or person to find a solution to my query?

          Looking forward to a response

          Thanks
          Rajesh PV
          • 2. RE: How to programmatically track 1.On-Access Scanner 2.Buffer Overflow Protection setting
            have you tried digging around in the registry?

            i am running 8.5 and i do see the product version listed at hklm\software\mcafee\desktop\protection\ as "szProductVer"

            i thought OAS was listed somewhere in here also (not sure about buffer overflow), but i don't see either right now.

            look around a bit if you haven't and see if you can locate them. either under mcafee or network associates.
            • 3. How to programmatically track 1.On-Access Scanner 2.Buffer Overflow Protection setting
              Hi jsuuronen,

              Thanks for the response.
              But I could not find the same pattern in the 8.0 version, and that is the reason I have included it in my query list.

              These are the areas I have checked to get the McAfee installed version:
              1. Uninstall path of McAfee (No similar pattern)
              2. Install path of McAfee (No similar pattern)
              3. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\INSTALLER\USERDATA\S-1-5-18\Products\** (NO SIMILAR PATTERN)
              4. HKLM\SOFTWARE\NETWORK ASSOCIATES\E POLICY ORCHESTRATOR\APPLICATION PLUG IN\VIRUS SCAN <VERSION>
              (THIS WAS THE ONLY ONE WHICH I COULD SEE BETTER MATCHING PATTERN, I VERIFIED IT AGAINST 8.0 AND 8.5 VERSION, DO NOT KNOW THE RESULT FOR LOWER VERSIONS)

              I COULD NOT FIND ANY REGISTRY ENTRY FOR ON-ACCESS SCANNER
              BUT FOUND ONE FOR BUFFER OVERFLOW PROTECTION.
              AND AGAIN NO SIMILAR PATTERN FOR BUFFER OVERFLOW PROTECTION IN ALL VERSIONS

              ANY HELP IS HIGHLY APPRECIATED

              Thanks
              Rajesh PV
              • 4. RE: How to programmatically track 1.On-Access Scanner 2.Buffer Overflow Protection setting
                hi,

                i did not mean to imply that it was the same pattern, just something similar, though possibly under another name.

                i am looking at a machine running 8.0 and i see the product version at..

                "hklm\software\network associates\tvd\virusscan enterprise\current version" under "szProductVer"

                again, i do not see anything saying buffer overflow is enabled (though I see the BOP definitions under the key szEngineVer), or anything for OAS. what key did you find for the BOP?

                there are several other bits in here which you may find useful as well, such as engine version (szEngineVer), DAT version (szVirDefVer), or DAT date (szVirDefDate).

                if you find the location of the information you are looking for, please post back here as others may find the information useful but you may have better luck contacting mcafee themselves.

                good luck,
                jim
                • 5. How to programmatically track 1.On-Access Scanner 2.Buffer Overflow Protection setting
                  Hi

                  Here are my few observations:
                  registry key information for McAfee Version, On-Access Scanner and Buffer Overflow Protection properties


                  FOR VERSION : 8.0

                  VERSION - HKLM\SOFTWARE\NETWORK ASSOCIATES\TVD\VIRUS SCAN ENTERPRISE\CURRENTVERSION - sZProductVer

                  ON-ACCESS SCANNER - *********NO DATA AVAILABLE**************

                  BUFFER OVERFLOW PROTECTION - HKLM\SOFTWARE\NETWORK ASSOCIATES\TVD\SHARED COMPONENTS\ON ACCESS SCANNER\BEHAVIOURBLOCKING -EnterceptEnabled

                  ----------------------------------------------------------
                  FOR VERSION 8.5
                  VERSION - HKLM\SOFTWARE\McAfee\DesktopProtection -szProductVer

                  ON-ACCESS SCANNER - HKLM\SOFTWARE\McAfee\DesktopProtection - bNetShieldEnabled

                  BUFFER OVERFLOW PROTECTION - HKLM\SOFTWARE\McAfee\VSCORE\ON ACCESS SCANNER\BEHAVIOURBLOCKING - BOPEnabled
                  ----------------------------------------------------------


                  Happy coding!!

                  Thanks
                  rajesh pv
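
The registry locations listed in the last reply, wired into a version-aware probe for a monitoring tool. This is an added example, not code from the thread or from McAfee: the key paths and value names are copied as posted and should be verified on the target build, while the function names and the rule that a nonzero value means "enabled" are assumptions.

```python
# Registry locations copied verbatim from reply 5: (key path under HKLM, value name).
LOCATIONS = {
    "8.5": {
        "version": (r"SOFTWARE\McAfee\DesktopProtection", "szProductVer"),
        "oas": (r"SOFTWARE\McAfee\DesktopProtection", "bNetShieldEnabled"),
        "bop": (r"SOFTWARE\McAfee\VSCORE\ON ACCESS SCANNER\BEHAVIOURBLOCKING", "BOPEnabled"),
    },
    "8.0": {
        "version": (r"SOFTWARE\NETWORK ASSOCIATES\TVD\VIRUS SCAN ENTERPRISE\CURRENTVERSION", "sZProductVer"),
        "oas": None,  # the thread found no On-Access Scanner value for 8.0
        "bop": (r"SOFTWARE\NETWORK ASSOCIATES\TVD\SHARED COMPONENTS\ON ACCESS SCANNER\BEHAVIOURBLOCKING", "EnterceptEnabled"),
    },
}

def read_hklm(path, name):
    """Windows only: return value data, or None if missing. Checks the 32-bit
    view first, since a 32-bit install on 64-bit Windows is redirected there."""
    import winreg  # imported lazily so the module still loads on other platforms
    for view in (winreg.KEY_WOW64_32KEY, winreg.KEY_WOW64_64KEY):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, winreg.KEY_READ | view) as key:
                return winreg.QueryValueEx(key, name)[0]
        except OSError:  # key or value absent, or access denied
            continue
    return None

def as_state(raw):
    """Assumption (not stated in the thread): a nonzero value means enabled."""
    if raw is None:
        return "unknown"
    try:
        return "enabled" if int(raw) != 0 else "disabled"
    except (TypeError, ValueError):
        return "unknown"

def probe(read=read_hklm):
    """Try each layout in turn; the first whose version value exists wins."""
    for layout, loc in LOCATIONS.items():
        version = read(*loc["version"])
        if version is None:
            continue
        report = {"layout": layout, "version": str(version)}
        for setting in ("oas", "bop"):
            where = loc[setting]
            report[setting] = as_state(read(*where)) if where else "unknown"
        return report
    return {"layout": None, "version": None, "oas": "unknown", "bop": "unknown"}

if __name__ == "__main__":
    print(probe())
```

A missing value is reported as "unknown" rather than "disabled", so a monitoring tool can tell "not installed or layout changed" apart from "protection turned off".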