4 Replies Latest reply on Feb 16, 2010 10:15 AM by epository

    McUpdate.exe Through WMI

      Hi all

      I have my clients set up to report back to a central Alert share and I parse through these alert files to give me a rough idea of the clients current status' on a daily basis (we don't have ePo).

      I'm launching McUpdate.exe (to run a sig update) programmatically on some remote clients if they are out of date, using remote WMI calls. While this works fine, the message returned from the clients to the central Alert share is always :

      Update successful, DAT version 0, Engine version 0

      On checking manually, they actually have updated fine, they just report back incorrectly.

      The clients are a mix of V8.0 and V8.5. Both versions of McUpdate.exe do this.

      Has anyone else seen this or is doing similar things programmatically?

        • 1. RE: McUpdate.exe Through WMI
          To launch an AutoUpdate or Mirror task using MCUPDATE.EXE use the following syntax:
          McUpdate /Task {TaskGUID} /Update where {TaskGUID} is the Task ID number found in the registry at the following key:

          'HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan

          NOTE: The syntax for the Mirror task is the same as for the AutoUpdate task.

          The task executed is controlled by the Task ID.

          To have the task execute silently, without the popup message, add '/QUIET' to the command line:

          McUpdate /Task {TaskGUID} /Update /QUIET

          You can use psexec to do this

          psexec @servers.txt -u user -p psswd "McUpdate /Task {TaskGUID} /Update"
          • 2. RE: McUpdate.exe Through WMI
            That's exactly what I'm doing.

            What I mean is that the alert text file returned to the central share always reports the new DAT and engine versions as zero (and that the update was successful) when that execution syntax is called remotely using WMI. If the client is then checked manually, it's updated fine.

            If left alone and the AutoUpdate task allowed to run as scheduled, it reports back the correct new DAT and Engine versions, so it's obviously something to do with WMI (or the way it's called etc).

            The account that the remote WMI session runs under is a local admin of the client and is also the account which is used to run the AutoUpdate task.
            • 3. RE: McUpdate.exe Through WMI
              Just looking for the command to enter again to force an update.

              mcupdate /update /quiet seems to work without the task parameter also silly
              • 4. Re: RE: McUpdate.exe Through WMI

                psexec @OldAV_02_16_2010.txt "C:\Program Files\McAfee\VirusScan Enterprise\mcupdate.exe" /update /quiet


                If you get back error code 0, it worked.


                Recommend using the /quiet to tstop the phone calls.