We run multiple versions of the McAfee Agent. Our current property to gather “Agent Version” checks multiple registry locations, but McAfee seems to change the location with each new version of the Agent. I’m wondering if there is a more universal way to get this information. I’ve got the idea below, but it needs tweaking to return the correct information:
if (exists key whose (value “DisplayName” of it as string as lowercase contains “mcafee agent”) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) then (value “DisplayVersion” of (name of key whose (value “DisplayName” of it as string as lowercase contains “mcafee agent”) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry) else (“N/A”)
We use some similar session relevance for a “universal Symantec uninstaller”, and that works like this:
if {exists key whose (value “DisplayName” of it as string as lowercase contains “symantec endpoint protection”) of key “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry}
waithidden “{pathname of system folder}\msiexec.exe” /qn REBOOT=ReallySuppress /x {name of key whose (value “DisplayName” of it as string as lowercase contains “symantec endpoint protection”) of key “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of registry}
However, the McAfee Agent Property isn’t returning anything other than “N/A” for all my machines.
I looked at the other analysis linked in this thread and in the original post, but those are targeting specific file locations which McAfee tends to change frequently. I’d like a longer term solution that will continue to work no matter where McAfee stores files and no matter what key name they use in the registry.
Our other properties can identify DAT version, VSE engine version, etc. reliably.
Right now I’m only looking for help with a “universal” way to identify the McAfee ePO Agent version without having to update my property with every new Agent that they release. We currently capture the data with a long string of “if exists…else if…else if…” looking at many file locations and registry locations. It would be my preference to simplify the property such that it will capture the Agent version without regard to file location or registry location of any version.
if (windows of operating system) then ((value "DisplayVersion" of it as string) of keys whose (value "DisplayName" of it as string is "McAfee Agent") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" of (x32 registries; x64 registries)) else ((substring after "<Version>"of substring before "</Version>" of it as string) of lines containing "<Version>" of file "config.xml" of folder whose (name of it starts with "EPOAGENT") of folders "/private/etc/cma.d")
For Mac and PC.
It looks like the issue in your relevance here:
if (exists key whose (value "DisplayName" of it as string as lowercase contains "mcafee agent") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry) then (value "DisplayVersion" of (name of key whose (value "DisplayName" of it as string as lowercase contains "mcafee agent") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry) else ("N/A")
Is that you’re doing value "DisplayVersion" of (name of key you’re getting value “DisplayVersion” of the name of the key instead of of the key and you’re only checking one registry (not both x86 and x64).
Give just the windows side of my analysis a shot:
(value "DisplayVersion" of it as string) of keys whose (value "DisplayName" of it as string is "McAfee Agent") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\" of (x32 registries; x64 registries)