Are you using ePO or is each of these deployments done standalone? If you're using ePO, you can get this data very easily as there are some built-in reports that can be used or you can take these and customize them to your need.
You can pull it from the registry, HKLM\Software\McAfee\AVEngine or for 64-bit HKLM\Software\Wow6432Node\McAfee\AVEngine. The values are in HEX but you can get both the DAT and engine versions.
Thank you for the replies.
I like the registry method. It is easy to check 10 servers in about 5 minutes by using Connect Remote Registry.
I am now looking at a way to 'Save' the servers I am connecting to (kind of like saving an MMC Console) vs. having to re-add/Connect Network Registry every time I open registry.
Re the ePO reporting method.
Yes, we are using an ePOserver.
It is managed elsewhere. However, I can see if they'd be willing to run the reports automatically on daily basis and send to us.
Where do I direct them into the 'reporting method' ?
Ask your ePO Admins for DAT compliance reporting and also ask them for what their DAT update schedule is. Your ePO admins are going to be the best resource to help determine how to best keep your systems in compliance with applicable standards.
FYI, the most reliable methods are -
- using ePO reports
- inspecting the Application Event log; the data is written in the McLogEvent id 5000 (but note, any later McLogEvent id that is higher than 5000 is indicative of a problem)
The product uses a series of validation checks before it reports the DAT+Engine version to ePO, to ensure that it's reporting accurately that the scanner is enabled and what DAT+Engine version is loaded.
The same validation is exercised when showing data in the VSE "About" window.
Thus you can be confident those data points are accurate. Obtaining the information via other methods, e.g. registry only, does not have the same assurance of being accurate... but, it's probably accurate.
Thank you all for your excellent and helpful input!