SEP version 14 vdefs pass or fail

I am trying to compare the virus definitions in the latest SEP 14 to the current date. The comparison is whether the virus definitions are older than 10 days; if so, they fail in the statement. I have put together an analysis; however, it seems that you can’t compare date strings.

Example:
if(( concatenation "" of substrings separated by ( "-" as string) of( "" & value "LatestVirusDefsDate" of it as string as trimmed string) ) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate" of registry) as integer is greater than or equal to (concatenation "" of (current year as string;current month as two digits as string;current day_of_month as two digits as string)) as integer -10 then "Pass" else "Fail"

If the date is in the first 9 days then the date would be the integer -10 showing (ie) 20170296 which is not a date.

Not sure if this can be done.

Try using a date object, something like this:

(current date - 10*day > it) of (date it) of (item 2 of it & " " & item 1 of it as integer as month as three letters & " " & item 0 of it) of (it, first 2 of following text of it, first 2 of following text of first 2 of following text of it) of first 4 of "20170304"

In your SEP case it might look something like this (please verify as I don’t have the SEP agent to test this on):

(current date - 10*day > it) of (date it) of (item 2 of it & " " & item 1 of it as integer as month as three letters & " " & item 0 of it) of (it, first 2 of following text of it, first 2 of following text of first 2 of following text of it) of first 4 of (value "LatestVirusDefsDate" of it as string as trimmed string) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate" of registry

Thank you, this looks promising. The format of: (value "LatestVirusDefsDate" of it as string as trimmed string) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate" of registry is 2017-03-05. Not sure where I need to reformat “it”.

The error in the original came back as Singular expression refers to nonexistent object.

Found a way to do the Analysis as a pass fail by adding another statement. This works on SEP 14 and SEP 12:

if (current date - 10*day < it) of (date it) of (item 2 of it & " " & item 1 of it as integer as month as three letters & " " & item 0 of it) of (it, first 2 of following text of it, first 2 of following text of first 2 of following text of it) of first 4 of (( concatenation "" of substrings separated by ( "-" as string) of( "" & value "LatestVirusDefsDate" of it as string as trimmed string) ) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate" of registry) then "Pass" else "Fail"

For a format like that you can even write something “cleaner” like:

(current date - 10*day > it) of (date it) of (tuple string item 2 of it & " " & tuple string item 1 of it as integer as month as three letters & " " & tuple string item 0 of it) of concatenation ", " of substrings separated by "-" of (value "LatestVirusDefsDate" of it as string as trimmed string) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate" of registry
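
Why the integer comparison from the first post breaks near the start of a month, next to the date-object comparison the thread settles on, shown as an added Python illustration that is not part of the thread. The function names are assumptions and the sample date values are constructed; an unreadable value is treated as Fail.

```python
from datetime import date, datetime, timedelta

MAX_AGE_DAYS = 10  # threshold used in the thread


def parse_defs_date(raw):
    """Parse 'YYYY-MM-DD' or 'YYYYMMDD'; return None if it is not a real date."""
    if raw is None:
        return None
    digits = raw.strip().replace("-", "")
    if len(digits) != 8 or not digits.isdigit():
        return None
    try:
        return datetime.strptime(digits, "%Y%m%d").date()
    except ValueError:  # e.g. 20170230, or the 20170296 produced by "- 10"
        return None


def integer_check(raw, today):
    """Approach from the first post: treat YYYYMMDD as an integer, subtract 10."""
    cutoff = int(today.strftime("%Y%m%d")) - MAX_AGE_DAYS
    return "Pass" if int(raw.replace("-", "")) >= cutoff else "Fail"


def date_check(raw, today):
    """Date arithmetic: Pass only if the definitions are newer than today - 10 days."""
    defs = parse_defs_date(raw)
    if defs is None:
        return "Fail"  # missing or malformed value: report as failing
    return "Pass" if defs > today - timedelta(days=MAX_AGE_DAYS) else "Fail"


if __name__ == "__main__":
    today = date(2017, 3, 6)  # constructed "current date"
    # Constructed sample values in both formats seen in the thread.
    for raw in ["2017-03-05", "2017-02-28", "20170224", "2017-02-30", None]:
        naive = integer_check(raw, today) if parse_defs_date(raw) else "n/a"
        print(f"{raw!s:12} integer={naive:5} date={date_check(raw, today)}")
```

On 2017-03-06 the integer cutoff becomes 20170296, so definitions from 2017-02-28 (six days old) are reported as Fail by the integer version and Pass by the date version.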