Check the virus def. version in SEP using analysis

(imported topic written by EKKH_Riff_Khan)

Hi!

Can someone please paste the relevance language they are using in analysis to return the date for when virus definitions were updated in SEP?

Thanks!

(imported comment written by mcalvi91)

Here is what we are using:

if ((exists key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry) and (exists value "NAVNO_50_AP1" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry) OR ((exists key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry) and exists value "NAVNT_50_AP1" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry))
then (preceding text of last "." of following text of last "\" of (value "NAVNT_50_AP1" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry as string))
else if ((exists key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry) AND (exists value "NAVCORP_70" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry))
then (preceding text of last "." of following text of last "\" of (value "NAVCORP_70" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry as string))
else "Not Installed"

You can also get it from here (appears to have moved since IBM took over). http://support.bigfix.com/bes/misc/retrievedproperties.html

(imported comment written by Xie_Ran91)

You may also try this:

if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs" whose (exists value "NAVCORP_70" of it) of registry)
then ((if (exists "\" of it AND following text of last "\" of it contains ".") then (preceding text of last "." of following text of last "\" of it & ", rev. " & following text of last "." of following text of last "\" of it) else (it)) of (value "NAVCORP_70" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs" of registry as string))
else (if (exists key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" whose (exists value "NAVCORP_70" of it) of registry)
then ((if (exists "\" of it AND following text of last "\" of it contains ".") then (preceding text of last "." of following text of last "\" of it & ", rev. " & following text of last "." of following text of last "\" of it) else (it)) of (value "NAVCORP_70" of key "HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs" of registry as string))
else ("<Not Installed>"))

to get more details. This one also tells you the build/revision number.
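
(Added example, not part of any post in this thread.) The relevance above only returns the definition folder name as text. The Python sketch below applies the same split (text after the last backslash, then the last dot) and turns it into a real date so stale definitions can be flagged. It assumes the folder name has the form YYYYMMDD.revision; the function names, the 7-day threshold and the sample values are all constructed for illustration.

```python
from datetime import date, datetime
from typing import NamedTuple, Optional


class DefVersion(NamedTuple):
    folder: str                # text after the last backslash
    def_date: Optional[date]   # None when the name is not YYYYMMDD
    revision: Optional[str]    # text after the last "."


def parse_shareddefs(value: str) -> DefVersion:
    """Mirror the relevance: following text of last "\\", split on last "."."""
    folder = value.rsplit("\\", 1)[-1].strip()
    if "." not in folder:
        return DefVersion(folder, None, None)
    stamp, revision = folder.rsplit(".", 1)
    try:
        def_date = datetime.strptime(stamp, "%Y%m%d").date()
    except ValueError:
        def_date = None  # assumption about the name format did not hold
    return DefVersion(folder, def_date, revision)


def is_stale(value: str, today: date, max_age_days: int = 7) -> bool:
    """Unparseable or missing values count as stale so they get reviewed."""
    parsed = parse_shareddefs(value)
    if parsed.def_date is None:
        return True
    return (today - parsed.def_date).days > max_age_days


def stale_hosts(results: dict, today: date) -> list:
    """Return the hosts whose definitions are older than the threshold."""
    return sorted(h for h, v in results.items() if is_stale(v, today))


# Constructed sample values, not taken from a real endpoint.
SAMPLES = {
    "pc-01": r"C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110512.003",
    "pc-02": r"C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110401.017",
    "pc-03": "Not Installed",
}

if __name__ == "__main__":
    today = date(2011, 5, 14)  # fixed date so the output is repeatable
    for host, value in SAMPLES.items():
        print(host, parse_shareddefs(value), is_stale(value, today))
```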

(imported comment written by EKKH_Riff_Khan)

Thanks!