Anti-virus definition wizard for McAfee

(imported topic written by SystemAdmin)

FYI…

The Anti-virus definition wizard for McAfee VirusScan defaults the relevance so that only the 5200 engine is required. The current engine is 5300.

-Paul

(imported comment written by Danny_Leung91)

Hi Paul,

Thank you for letting us know about this. In the coming weeks, we will be going over the McAfee content to make updates and modifications. This update will be included in addition to adding support for McAfee 8.7 for the Client Manager for Anti-Virus site.

If you need an immediate work-around, please try modifying the applicability relevance to use the 5300 engine instead of the older 5200.

After the wizard completes and the ‘Edit Task’ dialog displays, modify the relevance by substituting the following:

(exists key "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine" whose (exists value "EngineVersionMajor" whose ((it as string contains "." AND it as string as version = "5.3.00") OR (it as string does not contain "." AND it as string as integer = 5300)) of it) of registry)

-Danny

(imported comment written by SystemAdmin)

Yeah, that’s exactly what I did back when I posted that.

Thanks

-Paul

(imported comment written by SystemAdmin)

FYI… The Anti-virus definition wizard still assumes the client must only have the 5200 engine. The 5400 engine is the current one.

Can we eventually get this updated?

For a current workaround, just make it >= 5.2.00 and >=5200

Example for the 5864 definitions…

(exists running application "vshwin32.exe" OR exists running application "mcshield.exe") AND (exists value whose (name of it = "szProductVer" AND it as string starts with "8.5") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection" of registry) AND (not exists value whose ((name of it = "AVDatVersion") AND (it as string does not contain "." AND it as string as version >= "5864")) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine" of registry) AND (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine" whose (exists value "EngineVersionMajor" whose ((it as string contains "." AND it as string as version >= "5.2.00") OR (it as string does not contain "." AND it as string as integer >= 5200)) of it) of registry)

Paul
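
The difference between a pinned engine check and the `>=` workaround in the post above, modelled in Python as an added example (it is not part of any post in this thread and not the wizard's own relevance). Host names and registry values are constructed, and the pinned 5200 default is assumed to have the same shape as the clause Danny posted:

```python
"""Added example: Python model of the EngineVersionMajor relevance clause."""

def as_version(text):
    # Simplified stand-in for relevance "as version": numeric, component-wise.
    return tuple(int(part) for part in text.split("."))

def engine_clause(raw, dotted, integer, minimum):
    """Model: (contains "." AND as version OP dotted) OR
    (no "." AND as integer OP integer), OP being ">=" or "=".
    raw is the EngineVersionMajor string, or None when the value is absent."""
    if raw is None:
        return False  # "exists value" fails, so the clause is false
    try:
        if "." in raw:
            have, want = as_version(raw), as_version(dotted)
        else:
            have, want = int(raw), integer
    except ValueError:
        return False  # unparseable data: treated here as not applicable
    return have >= want if minimum else have == want

# Constructed sample data: host name -> EngineVersionMajor read from the registry.
FLEET = {
    "ws-01": "5200",    # engine the wizard default expects
    "ws-02": "5300",    # newer engine, integer form
    "ws-03": "5.4.00",  # newer engine, dotted form
    "ws-04": "5400",
    "ws-05": "5100",    # too old under either check
    "ws-06": None,      # value missing
}

def dropped_by_pin(fleet, dotted="5.2.00", integer=5200):
    """Hosts that meet the minimum engine but fail the pinned (=) check,
    i.e. endpoints the definition-update task would silently skip."""
    return sorted(
        host for host, raw in fleet.items()
        if engine_clause(raw, dotted, integer, minimum=True)
        and not engine_clause(raw, dotted, integer, minimum=False)
    )

if __name__ == "__main__":
    print(dropped_by_pin(FLEET))
```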

(imported comment written by BenKus)

Hey Paul,

I believe an update to the Fixlet site will be released very shortly with this change and many others…

Ben

(imported comment written by SystemAdmin)

Yeah I was surprised it wasn’t updated since the last time I mentioned it, almost 10 months ago.

(imported comment written by jessewk)

See here:

http://forum.bigfix.com/viewtopic.php?id=4382