On a few clients the DATVersion in the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700" is wrong while the client is up to date (it reports correctly in epo) but our vulnerability scanner uses this registry key.
This results in false positives how does it come that the info in the registry is wrong and how can I fix it?
Will this keyvalue be updated when I delete it?
What operating system? Have they been rebooted recently (or stop and restart the McAfee services)?
What is the value against the 'DATInstallDate' key? and what is in the 'AVDATVersion' key in HKLM\Software\McAfee\AVEngine
All my 8.7 installs (on Win2K) report the correct DAT version against both keys.
The other option is to use the 'AVDatVersion' key in HKLM\Software\McAfee\AVEngine in your vulnerability scanner.
OS: Win 2008 R2
Yes the server has been rebooted twice yesterday.
The Values in "HKLM\Software\McAfee\AVEngine" are also wrong ('AVDATVersion' = "2010/02/15")
It are the same values as in "HKLM\Software\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700"
It also reports the wrong installed HotFix version (2 instead of 5)
I tried to fix it with a "repair" without improvements.
32bit or 64bit?
All the registry values would suggest that the machine is not up to date and not updating. I assuming that you've checked what DAT version is reported in the 'about' box when you right click on the agent taskbar icon.
This isn't a virtual machine by any chance? Possibly what your seeing in ePO is not the details of this particular computer but a duplicated entry of cloned VM instance that is updating correctly.
Get your vuln scanner to check the following location for 64 bit system's.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700
Indeed that key contains the correct information, but I can't change the vulnerability check of our vulnerability scanner
And we do have other similar 64bit systems that doesn't have the issue?
I have seen this behavior before. I am not 100% sure. But I think it may have something to do with UAC during the Agent install.
Maybe check if it's enabled / disbaled, change to the other. remove and re-install the Agent / VSE on those systems?
Not tried it myself, but worth a try.
Maybe by changing UAC in itself may solve it too ?
Message was edited by: strongy on 28/03/12 05:00:33 CDT
To manually FIX the registry issue:
OR download SUper DAT file extract it and run exe on the affected system.
I seem to also have this issue at a client. It comes back very unregular, at multiple servers.
UAC is turned off for these servers.
All run McAfee Enterprise 8.8 patch 1.
The registry seems to retain an older version at some point.
Though it is reporting the correct version to epolicy correctly.
Restarting the "McShield" service seems to resolve the issue.
Unfortunately, this happens at a lot of server, and I cannot ask our operations department to restart these services that often.
Is there any way to stop this "error"?