Editing Built in Mcafee Fixlet

(imported topic written by TommyG91)

I’m working with the built in Fixlet:

UPDATE: Outdated McAfee Virus Def Detected

The problems with this fixlet are:

  1. It shows me clients with dats that are only a day old. I only care about clients with a dat more than 5 days old.

  2. I need top STOP the mcafee services before I apply the xdat. There seems to have been a dat released recently that requires a reboot if you don’t stop the services first, as it tries to replace files in use.

So, I copied and create my own fixlet, and edited the relevancy to my liking, and I’ve edited the action to stop the services before applying the xdat. So I’m happy… but…

The action is stuck with applying the dat that was hard coded into the mcafee fixlet, the day I copied it. How do I keep my action script current?

Thanks!

Tom

(imported comment written by BenKus)

Hey Tom,

This is tricky… We update the McAfee definition files daily and so each time a new dat is released, you would need to update your action to deploy the new Fixlet… Our new “dynamic download” functionality in 7.2 will be able to handle this scenario so you could modify our Fixlet and then have it re-run to always get the latest dat, but the problem is that we haven’t done the work to get all the CMAV content updated (we started with our Trend Micro Core Production Module Fixlet content).

Ben