8 Replies Latest reply on Oct 6, 2012 11:55 AM by czql5v

    Manual dat checks

    czql5v

      Hi All,

       

      Is there a way to check that client machines have the latest .DAT files other than using the EPO management console or the Mcaffe icon in system tray?

       

      What I was hoping to achive was to map a drive to a client machine - for example  \\clientmachine\c$  navigating to the mcaffee file path. Is there any file that can be checked on the client that would allow me to know the latest .DAT file picked up by the client?

       

      Thanks very much for any information.

       

      Regards.

       

      Peter F.

        • 1. Re: Manual dat checks
          Laszlo G

          You can check the avvscan.dat file under C$\program files\commone files\McAfee\Engine and see if the modified date was yesterday or today

          • 2. Re: Manual dat checks
            czql5v

            Hi Laszlo G

             

            Thanks for the reply

             

            I can't seem to find the path under a client machine only c:\program files\ common files\mcafee\    ....   then \ common framwork and \virusscan enterprise.

             

            Thanks.

            • 3. Re: Manual dat checks
              Laszlo G

              Are you realy looking under c:\program files\common files\McAfee? Beucause the folders you're talking about are usually under c:\program files\mcafee (not a common files folder here)

              • 4. Re: Manual dat checks
                czql5v

                Thats interesting, I will recheck and report back. I think it was the wrong link.

                • 5. Re: Manual dat checks

                  We're using SCOM with a VBScript I wrote to check if the systems have the latest DAT.

                   

                  Here's a small part of the script that retrieves the DAT date (RegDatDateValue) and version (RegDatVersionValue):

                   

                  '-- Check if we're running on x64 ----------------------------

                  Set WshShell = WScript.CreateObject("WScript.Shell")

                  WshShell.RegRead "HKLM\Software\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)"

                   

                  If Err.Number = 0 Then

                      RegEpoRoot = "HKLM\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator"

                  Else

                      RegEpoRoot = "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator"

                      Err.clear

                  End If

                  '-------------------------------------------------------------

                   

                  '-- Get VSE 8.8 DAT properties -------------------------------

                  RegDatDateKey = RegEpoRoot + "\Application Plugins\VIRUSCAN8800\DatDate"

                  RegDatDateValue = WshShell.RegRead(RegDatDateKey)

                  RegDatVersionKey = RegEpoRoot + "\Application Plugins\VIRUSCAN8800\DATVersion"

                  RegDatVersionValue = WshShell.RegRead(RegDatVersionKey)

                  '-------------------------------------------------------------

                  • 6. Re: Manual dat checks
                    alexn

                    I ran the first Query on SQL 2005 and got this error

                     

                    Msg 102, Level 15, State 1, Line 1

                    Incorrect syntax near '='.

                    Msg 156, Level 15, State 1, Line 7

                    Incorrect syntax near the keyword 'Then'.

                     

                     

                    and for secon script this error

                     

                     

                    Msg 102, Level 15, State 1, Line 1

                    Incorrect syntax near '='.

                     

                     

                    Can you also right a script to export VSE policies from SQL DB?

                    • 7. Re: Manual dat checks
                      rmetzger

                      Hi czql5v,

                       

                      I have used this code from inside a batch file (both 32 and 64 bit Windows 7 and XP):

                      set AVDatVersion=

                      for /F "usebackq skip=2 tokens=2*" %%v in (`"Reg" QUERY "HKLM\SOFTWARE\McAfee\AVEngine" /v "AVDatVersion" 2^>NUL`) do set AVDatVersion=%%v
                      echo Installed Version=%AVDatVersion%

                      This seems to work on the currently supported versions of VSE, that I have found. Reg.exe is version 3.0 or above, (Windows XP and up).

                       

                      If you download the latest gdeltaavv.ini you can compare the value embedded within it to %AVDatVersion% and take whatever action that you deem appropriate.

                      for /F "usebackq skip=2 delims== tokens=1,2*" %%m in (`Find /I "CurrentVersion" "gdeltaavv.ini" 2^>NUL`) do set CurrentVersion=%%n

                      echo Current Version=%CurrentVersion%

                      if /i %CurrentVersion% GTR %AVDatVersion% goto UpdateDAT

                      .

                      .

                      .

                      :UpdateDAT

                      .

                      .

                      .

                       

                      Hopefully this helps.

                       

                      Ron Metzger

                      • 8. Re: Manual dat checks
                        czql5v

                        Hi Metzger, Alex Stewart, Mischaboender, and Lazlo G,

                         

                        Thanks for taking the time to reply to my request. I will attempt to run the scripts to see whether i am able to get what i need from the update.

                         

                        Once again

                         

                        Thanks All.