I am guessing that you are working in an 'Unmanaged' VSE environment or otherwise I would suggest leaving it to ePO.
Since this is used within a batch file, do your 'List of Return Codes' mean ERRORLEVEL? Using ERRORLEVEL values only work after executing a command and the value is lost after the console is closed or another program changes the value.
If you are trying to decide whether to install a new patch based on the current patch level, the current patch version is kept in the Registry and can be read from within a batch file.
Here are a couple of snippets of code that might be helpful: (I am assuming VSE v8.8 is installed, which needs to be checked in your environment.)
I show 2 different ReadPatch routines for you to choose from. I think the first one is the most reliable, but it is slower.
setlocal EnableExtensions EnableDelayedExpansion
if /i %_VSE.Patch% LEQ 1 (
rem Put code here to install Patch 2, etc.
if /i %_VSE.Patch% GEQ 2 (
if /i !_VSE.Patch! LEQ 5 (
rem Put code here to install Patch 6, etc.
echo VSE Patch Level = %_VSE.Patch%
call :SetErrLvl %_VSE.Patch%
exit /b %ERRORLEVEL%
exit /b %1
for /L %%L in (0 1 12) do (
for /F "usebackq skip=2 tokens=1-2*" %%G in (`Reg QUERY "HKLM\SOFTWARE\McAfee\DesktopProtection" /v "Patch_%%L" 2^>NUL`) do (
if /i "%%~G"=="Patch_%%L" (set _VSE.Patch=%%L)
:: Alternative, works with VSE v8.8 only.
for /F "usebackq skip=2 tokens=1-2*" %%G in (`Reg QUERY "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8800" /v "HotFixVersions" 2^>NUL`) do (
if /i "%%~G"=="HotFixVersions" (set _VSE.Patch=%%I)
I strongly advise not changing any of the registry values or keys, but simply QUERY. This bit of code will most likely need to change with each VSE version and Patch version. And in your environment, please TEST, TEST, TEST, before using this code in production.
Hope this helps.
How is it going? Like any help? Comments?