Check the virus def. version in SEP using analysis

system · January 19, 2012, 4:05am

(imported topic written by EKKH_Riff_Khan)

Hi!

Can someone please paste the relevance language they are using in analysis to return the date for when virus definitions were updated in SEP?

Thanks!

system · January 19, 2012, 5:39pm

(imported comment written by mcalvi91)

here is what we are using

if ((exists key 
"HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry) and (exists value 
"NAVNO_50_AP1" of key 
"HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry) OR ((exists key 
"HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry) and exists value 
"NAVNT_50_AP1" of key 
"HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry)) then (preceding text of last 
"." of following text of last 
"\" of (value "NAVNT_50_AP1
" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs
" of registry as string)) else if ((exists key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs
" of registry) AND (exists value "NAVCORP_70
" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs
" of registry)) then (preceding text of last ".
" of following text of last "\
" of (value "NAVCORP_70
" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs
" of registry as string)) else "Not Installed
"

You can also get it from here (appears to have moved since IBM took over). http://support.bigfix.com/bes/misc/retrievedproperties.html

system · January 20, 2012, 4:15am

(imported comment written by Xie_Ran91)

You may also try this:

if (exists key 
"HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs" whose (exists value 
"NAVCORP_70" of it) of registry) then ((

if (exists 
"\" of it AND following text of last "\
" of it contains ".
") then (preceding text of last ".
" of following text of last "\
" of it & ", rev. 
" & following text of last ".
" of following text of last "\
" of it) else (it)) of (value "NAVCORP_70
" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs
" of registry as string)) else (if (exists key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs
" whose (exists value "NAVCORP_70
" of it) of registry) then ((if (exists "\
" of it AND following text of last "\
" of it contains ".
") then (preceding text of last ".
" of following text of last "\
" of it & ", rev. 
" & following text of last ".
" of following text of last "\
" of it) else (it)) of (value "NAVCORP_70
" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs
" of registry as string)) else ("<Not Installed>
"))

to get more details. This one also tells you the build/revision number.

system · March 7, 2012, 1:22am

(imported comment written by EKKH_Riff_Khan)

Thanks!