1 2 Previous Next 14 Replies Latest reply on Aug 21, 2012 9:28 AM by mjmurra

    How do I "see" if  Extra.DAT is installed?

    soviatt

      Today McAfee release the Extra.DAT for W32/Pift. I recieved the SNS Alert, and dutifully went through the process of downloading, checking in and pushing the DAT, first to my own machine as a trial and then to the enterprise. What really bothers me, and I find very disconcerting is that when I pushed the update from ePO I got absolutely no indication that anything at all happened. I selected all the appropriate machines in the System Tree, then used "Update Now" found via the Actions button and the Agent selection. I expected to observe the process under Server Task Log but the task did not appear. I tried to find evidence of its succeful installation in the System Tree - System Information for my machine but still nothing. I had to drill down into the Products Tab of the System Information screen, then select Virusscan Enterprise and scroll down to the General section to finally confirm that my Extra.Dat push worked.

       

      How crazy is that? It might be ok for my test computer, but I've got over 1500 machines to confirm. I cannot readily see a way to discover what Extra.DAT I may or may not have installed, and whether the task I ran actually fired and pushed the update out. Is there a better way to do this?

       

      ePO 4.6.2.1029

      VSE 8.8

      HIPS 8

        • 1. Re: How do I "see" if  Extra.DAT is installed?
          sdelvecchio

          If you have not already found an answer to this seeing as how another extra DAT was released yesterday, here's how I would accomplish this.

           

          Create a compliance query that shows the compliance status of systems with VirusScan Enterprise and the extra DAT. You should then see you compliance turn green as you deploy.

          • 2. Re: How do I "see" if  Extra.DAT is installed?
            andrep1

            Are you sure this works with ePO 4.6.2 ? I have yet to find where the extra dat field is. I had the impression it was removed.

            • 3. Re: How do I "see" if  Extra.DAT is installed?
              soviatt

              I do not see "Extra Dat" as an available property whe I try to edit or create criteria for a query.

              • 4. Re: How do I "see" if  Extra.DAT is installed?
                andrep1

                Anyway, I've modified the current McAfee VSE product view as a separate query that shows the superdat name. This query has to be run against you ePO database and can't be imported in ePO.

                 

                SELECT     B.AutoID AS LeafNodeID, dbo.EPOProductProperties.AutoID AS ProductPropertiesID, 'VIRUSCAN' AS ProductFamily, 'VirusScan Enterprise' AS FamilyDispName,

                                      CASE WHEN EPOProductProperties.ProductCode IS NULL THEN '' ELSE EPOProductProperties.ProductCode END AS ProductCode,

                                      CASE WHEN EPOProductVersions.verProductMajor IS NULL THEN 0 ELSE EPOProductVersions.verProductMajor END AS verProductMajor,

                                      CASE WHEN EPOProductVersions.verProductMinor IS NULL THEN 0 ELSE EPOProductVersions.verProductMinor END AS verProductMinor,

                                      CASE WHEN EPOProductVersions.verProductRevision IS NULL THEN 0 ELSE EPOProductVersions.verProductRevision END AS verProductRevision,

                                      CASE WHEN EPOProductVersions.verProductBuild IS NULL THEN 0 ELSE EPOProductVersions.verProductBuild END AS verProductBuild,

                                      CASE WHEN EPOProductVersions.verDAT32Major IS NULL THEN 0 ELSE EPOProductVersions.verDAT32Major END AS verDAT32Major,

                                      CASE WHEN EPOProductVersions.verDAT32Minor IS NULL THEN 0 ELSE EPOProductVersions.verDAT32Minor END AS verDAT32Minor,

                                      CASE WHEN EPOProductVersions.verEngine32Major IS NULL THEN 0 ELSE EPOProductVersions.verEngine32Major END AS verEngine32Major,

                                      CASE WHEN EPOProductVersions.verEngine32Minor IS NULL THEN 0 ELSE EPOProductVersions.verEngine32Minor END AS verEngine32Minor,

                                      CASE WHEN EPOProductVersions.verEngine64Major IS NULL THEN 0 ELSE EPOProductVersions.verEngine64Major END AS verEngine64Major,

                                      CASE WHEN EPOProductVersions.verEngine64Minor IS NULL THEN 0 ELSE EPOProductVersions.verEngine64Minor END AS verEngine64Minor,

                                      CASE WHEN EPOProductVersions.verHotfix IS NULL THEN 0 ELSE EPOProductVersions.verHotfix END AS verHotfix,

                                      CASE WHEN EPOProductProperties.ProductVersion IS NULL THEN '' ELSE EPOProductProperties.ProductVersion END AS ProductVersion,

                                      CASE WHEN EPOProductProperties.Language IS NULL THEN '' ELSE EPOProductProperties.Language END AS Language,

                                      CASE WHEN EPOProductProperties.Hotfix IS NULL THEN '' ELSE EPOProductProperties.Hotfix END AS Hotfix,

                                      CASE WHEN EPOProductProperties.ServicePack IS NULL  THEN '' ELSE EPOProductProperties.ServicePack END AS ServicePack,

                                      CASE WHEN EPOProductProperties.DATVer IS NULL  THEN '' ELSE EPOProductProperties.DATVer END AS DATVer,

                                      CASE WHEN EPOProductProperties.ExtraDATNames IS NULL  THEN '' ELSE EPOProductProperties.ExtraDATNames END AS ExtraDATNames,

                                      CASE WHEN EPOProductProperties.EngineVer IS NULL THEN '' ELSE EPOProductProperties.EngineVer END AS EngineVer,

                                      CASE WHEN EPOProductProperties.EngineVer64 IS NULL THEN '' ELSE EPOProductProperties.EngineVer64 END AS EngineVer64,

                                      CASE WHEN EPOProductProperties.LicenseStatus IS NULL THEN '' ELSE EPOProductProperties.LicenseStatus END AS LicenseStatus

                FROM         dbo.EPOLeafNode AS A INNER JOIN

                                      dbo.EPOProductProperties ON A.AutoID = dbo.EPOProductProperties.ParentID INNER JOIN

                                      dbo.EPOProductFamilies ON dbo.EPOProductProperties.ProductCode = dbo.EPOProductFamilies.ProductCode AND

                                      dbo.EPOProductFamilies.ProductFamily = 'VIRUSCAN' INNER JOIN

                                      dbo.EPOProductVersions ON dbo.EPOProductProperties.AutoID = dbo.EPOProductVersions.ParentID RIGHT OUTER JOIN

                                      dbo.EPOLeafNode AS B ON A.AutoID = B.AutoID

                 

                 

                tag this line at the end of the query to only show devices with extra dats:

                 

                where ExtraDATNames is not null and ExtraDATNames <> 'N/A'     

                • 5. Re: How do I "see" if  Extra.DAT is installed?
                  sdelvecchio

                  Correction: Just create a compliance report for VirusScan Enterprise and DAT. Once the query is created, select the compliant or non-compliant to get to the column view and add the following column from the VirusScan section "Extra DAT (VirusScan Enterprise)"

                   

                  Like this:

                  EDat.png

                  • 6. Re: How do I "see" if  Extra.DAT is installed?
                    soviatt

                    Thanks for your help sdelvecchio, but I don't think the Extra DAT is available in my ePO. Here are the options I am presented with under the VirusScan Enterprise Properties ( and they are always the same no matter which way I get to them - old query, new query, etc.)

                     

                    DAT Version

                    Engine (x64) Version

                    Engine Version

                    Hotfix/Patch Version

                    Language

                    License Status

                    Product Version

                    Service Pack

                     

                    Perhaps Andre Parent is right? It's not in this ePO release? or could on pull it out of SQL somehow? I'm not a SQL guy, but i know a couple...

                    • 7. Re: How do I "see" if  Extra.DAT is installed?
                      soviatt

                      Oh. I just saw Andre's other post. Will "play" with that.....

                      • 8. Re: How do I "see" if  Extra.DAT is installed?
                        sdelvecchio

                        I'm running ePO 4.6.2 (Build: 234). If this is the build you have and you don't see it, check to make sure your extensions are up to date.

                        1 of 1 people found this helpful
                        • 9. Re: How do I "see" if  Extra.DAT is installed?
                          soviatt

                          Ugh. I errored in my post. I'm running 4.6.0.1029 not 4.6.2.1029. My bad, sorry. Perhaps if I updated I'd see the properties you describe? I'll have to get up to speed now. Thank you again for your help.

                          1 2 Previous Next