Endpoint Protection

Hi all,

We are having issues without our Symantec System Center Console (v10.1.7) reporting the signature versions inaccurately from all distribution servers & hence need an alternative method of checking signatures of Primary & Secondary distribution servers preferably by browsing the file system.
We have a mixture of both Windows & Netware 6.0 servers.
Is this possible?
Any help appreciated.
Thanks in advance.

S.

 For windows
\\Servername\C$:\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat

open the file with notepad and it will show you the Definition date that is used.

You can get the Info from this Registry Location

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV

On this Key you can find two Values  
PatternFileDate  : Current Definition date
PatternFileRevision : Revision

These are Hexadecimal values

Example:
PatternFileDate  : 27090e - 2009 Oct 14 
27090e - YYMMDD Format
27 - 2009
27 Hex is 39 Decimal, this value is since 1970. So 1970+39 = 2009

09 is October (00- Jan, 0B - Dec)
0e Hex - 14 in decimal

PatternFileRevision : 16Hex - 22

 @Acretian - This is for SEP and SAVUser is looking for SAV 10.x

The Registry location for SAV 

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion

I resolve the definition corruption for the clients from the parent servers by pushing  the unpacked Rx4Defs. The script replaces the XDB for every run if there is a new one available on the VPHOME. I think this is the snippet that you are looking for.......You might have to modify it to suit your requirement.



verify > nul
set /a check=%date:~10,4%%date:~4,2%%date:~7,2%-2
dir "\\%x%\c$\program Files\Common Files\Symantec Shared\virusDefs\200*" /b>"c:\SAV_Doctor\Defs_Check.txt"
FOR /F  %%i in ('type "c:\SAV_Doctor\Defs_Check.txt"') do if %%i GTR %check% Echo %name%          %x%    Defs_UptoDate>>"c:\SAV_Doctor\Result.txt" & GOTO :eof
Echo %name%          %x%    Out_Of_date>>c:\SAV_Doctor\Result.txt


Check=5 days prior like 20091011 for 11th october 2009
x=machine name or ip address
name=Hostname...List for IP and hostname can be used from SSC. We don't have very good DNS at all the sites so use IP to push and hostname to log.


So, by in large what happens overall is that the XDB on the VPHome is checked, if it's newer than the one within unpacked rx4defs, its replaced, the client is checked if it's alive, if it is, the defintiions are checked, if the definitions are older than 5 days, the utility is pushed and executed. Has been working well for quite some time now...........Runs every day on all the SAV servers.....taming 40k clients.

Sandeep,

I'm very interested to figure out how you are getting that script to push out to all of your clients.  I've been working on some automation but have been unable to figure out how to make something like that work.  Any info about how to push it out would be greatly appreciated.

Sure, It's a three line code that took almost three years of research. I will send you a PM soon.

Thank you very much.  I'll look forward to your PM.

Sent over.

Sandeep, I am having a similar problem and I think using that script would be a huge help. Just wondering if I could get some details on that as well.

Hi Sandeep,

I am looking to deploy rx4defs remotely and would appreciate a look at the code you have created.

Thanks

Hello Sandeep,  can you provide me with the script,and any technical instruction how to.
thanks