Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Mcafee and Norton Anti Virus definition version

From: "Chris Barber" <cmbarber () gmail com>
Date: Tue, 11 Mar 2008 12:40:54 -0700
If you are so inclined to use Kixtart there are a few UDFs (User
Defined Functions) on the web that can check the age or date of the
various AV products.  If my memory servers Norton/Symantec and McAfee
are available.  check out Kixtart.org.  Also if you want to create an
exe look for kix2exe I use it and it works really well.

Chris.

On Fri, Feb 29, 2008 at 10:56 AM, Micheal Espinola Jr
<michealespinola () gmail com> wrote:

Since we are sharing:

On Windows, I use the kixtart scripting environment for my logon
scripts, and use its built-in "GetFileVersion" function to get the
file versions of the definition files.

There are also command-line utils for various platforms that can do the same.





On Fri, Feb 29, 2008 at 12:18 PM, Brian Johnson
<brian.l.johnson () gmail com> wrote:

I wrote a program that does this sort of thing, unfortunately I can't
share it in whole.  There are some reasonable resources on the web if
you are willing to search around.

For Norton:
The registry key you care about is:
HKLM\SOFTWARE\Symantec\SharedDefs\DefWatch\DefVersion
To decode the value to a data I use the following code (where strValue
is the results of the registry query):

       year = strValue(1) * 256 + strValue(0)
       month = strValue(3) * 256 + strValue(2)
       day = strValue(7) * 256 + strValue(6)
       rev = strValue(16)


For McAfee the registry path you care about are:
HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx

with the keys:
szEngineVer
szVirDefDate
szVirDefVer

I don't believe that these decode to a date, if I am wrong please correct me.

These are easy to query with WMI.  Microsoft Script Center is a great
resource on how exactly do to this if you haven't done this before.

Good luck!

On Fri, Feb 22, 2008 at 2:50 PM, Abhinav <kabhinav () gmail com> wrote:


Hello List
 I  am trying to programmitically find out the virus definition version
 of the anti -virus software installed. The two anit-virus we use in
 our company are from Norton and Mcafee.
 Is there a registry key/or windows api/WMI call that I can use which
 can provide me this information?

 Thanks
 -Abhinav







--
ME2
Previous By Date Next
Previous By Thread Next

Current thread: