Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
3656 Views 10 Replies Latest reply: Sep 12, 2013 10:34 AM by bullpup22 RSS 1 2 Previous Next
mcdave Apprentice 210 posts since
Jul 20, 2004
Currently Being Moderated

Mar 27, 2012 5:41 AM

wrong DATVersion in registry

Hi,

 

On a few clients the DATVersion in the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700" is wrong while the client is up to date (it reports correctly in epo) but our vulnerability scanner uses this registry key.
This results in false positives how does it come that the info in the registry is wrong and how can I fix it?

Will this keyvalue be updated when I delete it?

 

regards,

Dave

  • Tristan Veteran 790 posts since
    Dec 8, 2009
    Currently Being Moderated
    1. Mar 27, 2012 5:54 AM (in response to mcdave)
    Re: wrong DATVersion in registry

    What operating system? Have they been rebooted recently (or stop and restart the McAfee services)?

     

    What is the value against the 'DATInstallDate' key? and what is in the 'AVDATVersion' key in HKLM\Software\McAfee\AVEngine

     

    All my 8.7 installs (on Win2K) report the correct DAT version against both keys.

     

     

    The other option is to use the 'AVDatVersion' key in HKLM\Software\McAfee\AVEngine in your vulnerability scanner.

  • Tristan Veteran 790 posts since
    Dec 8, 2009
    Currently Being Moderated
    3. Mar 27, 2012 7:02 AM (in response to mcdave)
    Re: wrong DATVersion in registry

    32bit or 64bit?

     

    All the registry values would suggest that the machine is not up to date and not updating.  I assuming that you've checked what DAT version is reported in the 'about' box when you right click on the agent taskbar icon.

     

    This isn't a virtual machine by any chance? Possibly what your seeing in ePO is not the details of this particular computer but a duplicated entry of cloned VM instance that is updating correctly.

  • strongy The Place at McAfee Member 13 posts since
    Aug 17, 2011
    Currently Being Moderated
    5. Mar 27, 2012 1:00 PM (in response to mcdave)
    Re: wrong DATVersion in registry

    Get your vuln scanner to check the following location for 64 bit system's.

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700

  • strongy The Place at McAfee Member 13 posts since
    Aug 17, 2011
    Currently Being Moderated
    7. Mar 28, 2012 5:00 AM (in response to mcdave)
    Re: wrong DATVersion in registry

    I have seen this behavior before. I am not 100% sure. But I think it may have something to do with UAC during the Agent install.

     

    Maybe check if it's enabled / disbaled, change to the other. remove and re-install the Agent / VSE on those systems?

     

    Not tried it myself, but worth a try.

     

    Maybe by changing UAC in itself may solve it too ?

     

    Message was edited by: strongy on 28/03/12 05:00:33 CDT
  • alexn Veteran 722 posts since
    Aug 9, 2012
    Currently Being Moderated
    8. Aug 28, 2012 11:52 AM (in response to mcdave)
    Re: wrong DATVersion in registry

    To manually FIX the registry issue:

    1. Click Start, Run, type regedit, and click OK.
         
          Windows Vista or 7 users, right-click regedit in the results and select Run as Administrator.
         
          
    2. Navigate to the appropriate location below:
         
         
      • 32-bit systems: HKLM\Software\McAfee\AVEngine, AVDatVersion
      • 64-bit systems:  HKLM\Software\Wow6432Node\McAfee\AVEngine, AVDatVersion
               
                
         
    3. In the right pane, right-click and select New, DWORD value, and name the new value AVDatVersion.
    4. Double-click AVDatVersion and set the Value data to 0.
    5. Close the registry editor.

    OR  download SUper DAT file extract it and run exe on the affected system.


    Post Timings: 6.00 AM to 3.00PM PDT
  • Frankwijers Newcomer 5 posts since
    Mar 30, 2009
    Currently Being Moderated
    9. Oct 1, 2012 6:03 AM (in response to alexn)
    Re: wrong DATVersion in registry

    I seem to also have this issue at a client. It comes back very unregular, at multiple servers.

     

    UAC is turned off for these servers.

    All run McAfee Enterprise 8.8 patch 1.

     

    The registry seems to retain an older version at some point.

    Though it is reporting the correct version to epolicy correctly.

     

    Restarting the "McShield" service seems to resolve the issue.

    Unfortunately, this happens at a lot of server, and I cannot ask our operations department to restart these services that often.

     

    Is there any way to stop this "error"?

1 2 Previous Next

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points