Security Basics mailing list archives
RE: Mcafee and Norton Anti Virus definition version
From: "Eggleston, Mark" <meggleston () healthpart com>
Date: Wed, 25 Mar 2009 13:44:04 -0400
The post below from last year is very helpful. Anyone know the regkey for MacAfee to get the last scan date? Thanks, Mark -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Brian Johnson Sent: Friday, February 29, 2008 12:18 PM To: "kabhinav....."@gmail.com Cc: security-basics () securityfocus com Subject: Re: Mcafee and Norton Anti Virus definition version I wrote a program that does this sort of thing, unfortunately I can't share it in whole. There are some reasonable resources on the web if you are willing to search around. For Norton: The registry key you care about is: HKLM\SOFTWARE\Symantec\SharedDefs\DefWatch\DefVersion To decode the value to a data I use the following code (where strValue is the results of the registry query): year = strValue(1) * 256 + strValue(0) month = strValue(3) * 256 + strValue(2) day = strValue(7) * 256 + strValue(6) rev = strValue(16) For McAfee the registry path you care about are: HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx with the keys: szEngineVer szVirDefDate szVirDefVer I don't believe that these decode to a date, if I am wrong please correct me. These are easy to query with WMI. Microsoft Script Center is a great resource on how exactly do to this if you haven't done this before. Good luck! On Fri, Feb 22, 2008 at 2:50 PM, Abhinav <kabhinav () gmail com> wrote:
Hello List I am trying to programmitically find out the virus definition
version
of the anti -virus software installed. The two anit-virus we use in our company are from Norton and Mcafee. Is there a registry key/or windows api/WMI call that I can use which can provide me this information? Thanks -Abhinav
This message, together with any attachments, is intended only for the use of the individual or entity to which it is addressed. It may contain information that is confidential and prohibited from disclosure. If you are not the intended recipient, you are hereby notified that any dissemination or copying of this message or any attachment is strictly prohibited. If you have received this message in error, please notify the original sender immediately by telephone or by return e-mail and delete this message along with any attachments, from your computer. ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- RE: Mcafee and Norton Anti Virus definition version Eggleston, Mark (Mar 25)