Security Basics mailing list archives

RE: Mcafee and Norton Anti Virus definition version


From: "Eggleston, Mark" <meggleston () healthpart com>
Date: Wed, 25 Mar 2009 13:44:04 -0400

The post below from last year is very helpful.  Anyone know the regkey
for McAfee to get the last scan date?

Thanks,

Mark

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Brian Johnson
Sent: Friday, February 29, 2008 12:18 PM
To: "kabhinav....."@gmail.com
Cc: security-basics () securityfocus com
Subject: Re: Mcafee and Norton Anti Virus definition version

I wrote a program that does this sort of thing; unfortunately, I can't
share it in whole.  There are some reasonable resources on the web if
you are willing to search around.

For Norton:
The registry key you care about is:
HKLM\SOFTWARE\Symantec\SharedDefs\DefWatch\DefVersion
To decode the value to a date I use the following code (where strValue
is the result of the registry query):

        year = strValue(1) * 256 + strValue(0)
        month = strValue(3) * 256 + strValue(2)
        day = strValue(7) * 256 + strValue(6)
        rev = strValue(16)


For McAfee the registry path you care about is:
HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx

with the keys:
szEngineVer
szVirDefDate
szVirDefVer

I don't believe that these decode to a date, if I am wrong please
correct me.

These are easy to query with WMI.  Microsoft Script Center is a great
resource on how exactly to do this if you haven't done this before.

Good luck!

On Fri, Feb 22, 2008 at 2:50 PM, Abhinav <kabhinav () gmail com> wrote:
Hello List
 I am trying to programmatically find out the virus definition version
 of the anti-virus software installed. The two anti-virus we use in
 our company are from Norton and McAfee.
 Is there a registry key or Windows API/WMI call that I can use which
 can provide me this information?

 Thanks
 -Abhinav

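Added example, not part of the original posts and not Brian Johnson's program: a Python decoder for the Norton DefVersion value that uses the byte offsets given in the post above, with a check for out-of-date definitions. The sample bytes are constructed, and the function names and the 7-day threshold are assumptions.

```python
import struct
from datetime import date

MIN_LEN = 17  # the post reads byte offsets 0 through 16


def decode_defversion(raw: bytes):
    """Return (definition_date, revision) using the offsets from the post."""
    if len(raw) < MIN_LEN:
        raise ValueError(f"DefVersion too short: {len(raw)} bytes, need {MIN_LEN}")
    # Little-endian 16-bit fields, i.e. year = raw[1] * 256 + raw[0]
    year, month = struct.unpack_from("<HH", raw, 0)
    (day,) = struct.unpack_from("<H", raw, 6)
    rev = raw[16]
    # date() raises ValueError on impossible values (month 0, day 32, ...),
    # which catches a corrupt value or one with a different layout.
    return date(year, month, day), rev


def definition_age_days(raw: bytes, today: date) -> int:
    """Days between the decoded definition date and 'today'."""
    def_date, _rev = decode_defversion(raw)
    return (today - def_date).days


def is_stale(raw: bytes, today: date, max_age_days: int = 7) -> bool:
    """True when definitions are older than max_age_days (assumed policy)."""
    return definition_age_days(raw, today) > max_age_days


# Constructed sample value, not captured from a real host: 2008-02-28, rev 3.
# Offsets 4-5 and 8-15 are not read by the post's code; filler values here.
SAMPLE = struct.pack("<8H", 2008, 2, 4, 28, 0, 0, 0, 0) + bytes([3, 0, 0, 0])

if __name__ == "__main__":
    d, rev = decode_defversion(SAMPLE)
    print(f"definitions: {d.isoformat()} rev {rev}")
    print("stale on 2008-02-29:", is_stale(SAMPLE, date(2008, 2, 29)))
    print("stale on 2008-03-25:", is_stale(SAMPLE, date(2008, 3, 25)))
```

On a Windows host the raw bytes would come from the REG_BINARY data of the registry value named in the post; an inventory script can feed each host's value through `is_stale` to flag machines that have stopped updating.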

