1 2 Previous Next 10 Replies Latest reply: Sep 12, 2013 10:34 AM by bullpup22 RSS

    wrong DATVersion in registry

    mcdave

      Hi,

       

      On a few clients the DATVersion in the registry "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700" is wrong while the client is up to date (it reports correctly in epo) but our vulnerability scanner uses this registry key.
      This results in false positives how does it come that the info in the registry is wrong and how can I fix it?

      Will this keyvalue be updated when I delete it?

       

      regards,

      Dave

        • 1. Re: wrong DATVersion in registry
          Tristan

          What operating system? Have they been rebooted recently (or stop and restart the McAfee services)?

           

          What is the value against the 'DATInstallDate' key? and what is in the 'AVDATVersion' key in HKLM\Software\McAfee\AVEngine

           

          All my 8.7 installs (on Win2K) report the correct DAT version against both keys.

           

           

          The other option is to use the 'AVDatVersion' key in HKLM\Software\McAfee\AVEngine in your vulnerability scanner.

          • 2. Re: wrong DATVersion in registry
            mcdave

            OS: Win 2008 R2

            Yes the server has been rebooted twice yesterday.

             

            The Values in "HKLM\Software\McAfee\AVEngine" are also wrong ('AVDATVersion' = "2010/02/15")

            It are the same values as in "HKLM\Software\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700"
            It also reports the wrong installed HotFix version (2 instead of 5)

             

            I tried to fix it with a "repair" without improvements.

            • 3. Re: wrong DATVersion in registry
              Tristan

              32bit or 64bit?

               

              All the registry values would suggest that the machine is not up to date and not updating.  I assuming that you've checked what DAT version is reported in the 'about' box when you right click on the agent taskbar icon.

               

              This isn't a virtual machine by any chance? Possibly what your seeing in ePO is not the details of this particular computer but a duplicated entry of cloned VM instance that is updating correctly.

              • 4. Re: wrong DATVersion in registry
                mcdave

                it's a 64bit.
                The version in the aboutbox is correct.
                It's no virtual Machine

                • 5. Re: wrong DATVersion in registry
                  strongy

                  Get your vuln scanner to check the following location for 64 bit system's.

                   

                  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8700

                  • 6. Re: wrong DATVersion in registry
                    mcdave

                    Indeed that key contains the correct information, but I can't change the vulnerability check of our vulnerability scanner
                    And we do have other similar 64bit systems that doesn't have the issue?

                    • 7. Re: wrong DATVersion in registry
                      strongy

                      I have seen this behavior before. I am not 100% sure. But I think it may have something to do with UAC during the Agent install.

                       

                      Maybe check if it's enabled / disbaled, change to the other. remove and re-install the Agent / VSE on those systems?

                       

                      Not tried it myself, but worth a try.

                       

                      Maybe by changing UAC in itself may solve it too ?

                       

                      Message was edited by: strongy on 28/03/12 05:00:33 CDT
                      • 8. Re: wrong DATVersion in registry
                        alexn

                        To manually FIX the registry issue:

                        1. Click Start, Run, type regedit, and click OK.
                             
                              Windows Vista or 7 users, right-click regedit in the results and select Run as Administrator.
                             
                              
                        2. Navigate to the appropriate location below:
                             
                             
                          • 32-bit systems: HKLM\Software\McAfee\AVEngine, AVDatVersion
                          • 64-bit systems:  HKLM\Software\Wow6432Node\McAfee\AVEngine, AVDatVersion
                                   
                                    
                             
                        3. In the right pane, right-click and select New, DWORD value, and name the new value AVDatVersion.
                        4. Double-click AVDatVersion and set the Value data to 0.
                        5. Close the registry editor.

                        OR  download SUper DAT file extract it and run exe on the affected system.

                        • 9. Re: wrong DATVersion in registry
                          Frankwijers

                          I seem to also have this issue at a client. It comes back very unregular, at multiple servers.

                           

                          UAC is turned off for these servers.

                          All run McAfee Enterprise 8.8 patch 1.

                           

                          The registry seems to retain an older version at some point.

                          Though it is reporting the correct version to epolicy correctly.

                           

                          Restarting the "McShield" service seems to resolve the issue.

                          Unfortunately, this happens at a lot of server, and I cannot ask our operations department to restart these services that often.

                           

                          Is there any way to stop this "error"?

                          1 2 Previous Next