Symantec AV Engine Version

Does anyone have an RP for engine version detection pls - http://www.zdnet.com/article/symantec-antivirus-products-vulnerable-to-horrid-overflow-bug/

In the, “Client Manager for Endpoint Protection” external site there are analyses covering Symantec Anti-Virus products.

I would recommend creating a report that looks at the engine version parameter in those analyses and compares it against he most recent vulnerable version (in this case: 20151.1.0.32)

Bill

1 Like

Any chance you publish the relevance for engine version only please ?

Unfortunately I can’t republish IBM content – I also don’t have access to an environment running Symantec.

Maybe someone else has an analysis they can share that provides this data.

1 Like

I have coded up detection, thanks anyway.

This may be of interest to others – would you mind sharing the relevance you used?

1 Like

version of file (preceding text of first “%00” of following text of last “??” of (value “ImagePath” of (key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG” of registry) as string)) as string | “N/A”

There is one on BigFix.me by @jgstew that seems to work.

https://bigfix.me/analysis/details/2994621

Martin

1 Like

I don’t see Engine Version there …