Ying Li at myITforum.com

PowerShell & System Center

VB script to get Symantec Antivirus Client version and virus definition date

Here is a VB script that checks the Symantec Antivirus Client version and the virus definition date for a list of machines. It reads the registry remotely through WMI to get each client's Symantec Antivirus version and parent server. It also connects to c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat on each client and reads the CurDefs information from that file.

On Error Resume Next

Const ForReading = 1
Const HKEY_LOCAL_MACHINE = &H80000002
x = 2

'Create an Excel Work Sheet

Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
objExcel.Workbooks.Add

objExcel.Cells(1, 1).Value = "Machine Name"
objExcel.Cells(1, 2).Value = "Parent Server"
objExcel.Cells(1, 3).Value = "SAV Version"
objExcel.Cells(1, 4).Value = "Virus Definition"
objExcel.Cells(1, 5).Value = "Rev Number"
objExcel.Cells(1, 6).Value = "Status"
objExcel.Cells(1, 7).Value = "Report Time Stamp"

objExcel.Range("A1:G1").Select
objExcel.Selection.Interior.ColorIndex = 19
objExcel.Selection.Font.ColorIndex = 11
objExcel.Selection.Font.Bold = True
objExcel.Cells.EntireColumn.AutoFit


'Read machine names from a txt file

Set Fso = CreateObject("Scripting.FileSystemObject")
Set InputFile = fso.OpenTextFile("MachineList.Txt")
Do While Not (InputFile.atEndOfStream)
strComputer = InputFile.ReadLine

intRow = x

objExcel.Cells(intRow, 1).Value = strComputer

GetRegInfo

GetDefInfo

objExcel.Cells(intRow, 7).Value = Now()

set strValue = Nothing
set dwValue = Nothing
set strSavVersion = Nothing
set objFSO = Nothing
Set objFile = Nothing
Set dtDefDate = Nothing
Set strRevNumber= Nothing

x = x + 1

Loop

Wscript.Echo "Done"

'*********************************************************************************************************
'Get information from Registry

Sub GetRegInfo

Set oReg=GetObject( _
   "winmgmts:{impersonationLevel=impersonate}!\\" &_
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion"
strParent = "Parent"
strProversion = "ProductVersion"

oReg.GetStringValue _
   HKEY_LOCAL_MACHINE,strKeyPath,strParent,strValue

objExcel.Cells(intRow, 2).Value = strValue

oReg.GetDWORDValue _
   HKEY_LOCAL_MACHINE,strKeyPath,strProversion,dwValue

Select Case dwValue

Case 328336375
strSavVersion ="10.1.5.5010"

Case 23528424
strSavVersion = "10.0.0.359"

Case 65537001
strSavVersion = "10.0.1.1000"

Case 65995753
strSavVersion = "10.0.1.1007"

Case 66061289
strSavVersion = "10.0.1.1008"

Case 131073002
strSavVersion = "10.0.2.2000"

Case 131138538
strSavVersion = "10.0.2.2001"

Case 131728362
strSavVersion = "10.0.2.2010"

Case 132383722
strSavVersion = "10.0.2.2020"

Case 132449258
strSavVersion = "10.0.2.2021"

Case 25822194
strSavVersion = "10.1.0.394"

Case 25953266
strSavVersion = "10.1.0.396"

Case 26215410
strSavVersion = "10.1.0.400"

Case 26280946
strSavVersion = "10.1.0.401"

Case 65536905
strSavVersion = "9.0.5.1000"

Case 72090503
strSavVersion = "9.0.3.1100"

Case 65536903
strSavVersion = "9.0.3.1000"

Case 65536902
strSavVersion = "9.0.2.1000"

Case 65536901
strSavVersion = "9.0.1.1000"

Case 22152068
StrSavversion = "9.0.0.338"

Case 21562155
strSavVersion = "8.1.1.329"

Case 21168939
strSavVersion = "8.1.1.323"

Case 20906795
strSavVersion = "8.1.1.319"

Case 20579115
strSavVersion = "8.1.1.314"

Case 54068001
strSavVersion = "8.1.0.825"

Case 29950753
strSavVersion = "8.0.1.457"

Case 614597408
strSavVersion = "8.0.0.9378"

Case 614335264
strSavVersion = "8.0.0.9374"

Case 29229856
strSavVersion = "8.0.0.446"

Case 28640032
strSavVersion = "8.0.0.437"

Case 28443424
strSavVersion = "8.0.0.434"

Case 28115744
strSavVersion = "8.0.0.429"

Case 27853600
strSavVersion = "8.0.0.425"

Case 85197700
strSavVersion = "7.60.926"

Case 61997817
strSavVersion = "7.6.1.946"

Case 61473529
strSavVersion = "7.6.1.938"

Case 60949241
strSavVersion = "7.6.1.930"

Case 60687096
strSavVersion = "7.6.1.926"

Case 55509743
strSavVersion = "7.5.1.847"

Case 48366268
strSavVersion = "7.0.0"

End Select

objExcel.Cells(intRow, 3).Value = strSavVersion

End Sub

'*******************************************************************************************************************
'Get Virus definition from definfo.dat.

Sub GetDefInfo

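Set objFSO = CreateObject("Scripting.FileSystemObject")
strDefPath = "\\" & strComputer & _
  "\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat"

'Test the path string itself: GetFile raises an error when the file is missing,
'and under On Error Resume Next a failed If condition falls into the Then branch
If objFSO.FileExists(strDefPath) Then
Set objDatFile = objFSO.OpenTextFile(strDefPath, ForReading)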
Do Until objDatFile.AtEndOfStream
strLine = objDatFile.Readline
intCurDefs = InStr(strLine , "CurDefs")
   If intCurDefs > 0 Then
   strCurDefs = strLine
   strDateDefs = Mid(strCurDefs, 9, 8)

   dtYear = Left(strDateDefs, 4)
   dtMonth = Mid(strDateDefs, 5, 2)
   dtDay = Right(strDateDefs, 2)
   'DateSerial is locale-independent; CDate on an mm/dd/yyyy string is not
   dtDefDate = DateSerial(dtYear, dtMonth, dtDay)

   objExcel.Cells(intRow, 4).Value = dtDefDate

 'Definitions dated today or yesterday count as current
 If (date - dtDefDate) <= 1 Then
 objExcel.Cells(intRow, 6).Value = "OK"
 Else
 objExcel.Cells(intRow, 6).Value = "Need Attention!"
 End If
 
   strRevNumber = Right(strCurDefs, 3)
   objExcel.Cells(intRow, 5).Value = strRevNumber
    
   End If
   Loop
   objDatFile.Close

Else
objExcel.Cells(intRow, 4).Value = "The file definfo.dat does not exist"

End If

End Sub
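
The two parsing steps the script performs, as an added example that is not part of the original post: decoding the ProductVersion DWORD arithmetically instead of through the lookup table, and reading the definition age from a CurDefs line. The function names DecodeSavVersion and DefAgeDays are hypothetical, the DWORD layout is inferred from the values in the table above, and the CurDefs sample line and its separator character are constructed assumptions.

```vbscript
Option Explicit

' Added example, not from the original post. Layout inferred from the post's
' table: high word = build, low word = major*100 + minor*10 + revision.
Function DecodeSavVersion(dwValue)
    Dim lngBuild, lngLow
    DecodeSavVersion = ""               ' "" = no usable value was read
    If IsObject(dwValue) Then Exit Function
    If IsEmpty(dwValue) Or IsNull(dwValue) Then Exit Function
    If Not IsNumeric(dwValue) Then Exit Function
    ' \ and Mod operate on Longs, so refuse anything outside 0..2^31-1
    If dwValue < 0 Or dwValue > 2147483647 Then Exit Function
    lngBuild = dwValue \ 65536          ' high 16 bits
    lngLow = dwValue Mod 65536          ' low 16 bits, 1015 for 10.1.5
    DecodeSavVersion = (lngLow \ 100) & "." & ((lngLow \ 10) Mod 10) & "." & _
                       (lngLow Mod 10) & "." & lngBuild
End Function

' Age in days of the definitions named on a CurDefs line, or -1 when the line
' does not have the expected shape. DateSerial avoids locale-dependent CDate.
Function DefAgeDays(strLine, dtToday)
    Dim re, m, strDate
    DefAgeDays = -1
    Set re = New RegExp
    re.IgnoreCase = True
    ' 8-digit date, one separator character (assumed), 3-digit revision
    re.Pattern = "^\s*CurDefs=(\d{8})\D\d{3}\s*$"
    Set m = re.Execute(strLine)
    If m.Count = 0 Then Exit Function
    strDate = m(0).SubMatches(0)
    DefAgeDays = DateDiff("d", DateSerial(CInt(Left(strDate, 4)), _
        CInt(Mid(strDate, 5, 2)), CInt(Right(strDate, 2))), dtToday)
End Function

' Self-check: value/version pairs copied from the post's table.
Dim pair
For Each pair In Array(Array(65537001, "10.0.1.1000"), _
                       Array(328336375, "10.1.5.5010"), _
                       Array(65536905, "9.0.5.1000"))
    If DecodeSavVersion(pair(0)) <> pair(1) Then
        WScript.Echo "Mismatch for " & pair(0)
    End If
Next
' Constructed CurDefs line; an unread value and a malformed line come back as
' "" and -1, so a failed read cannot be mistaken for a real version or date.
WScript.Echo DefAgeDays("CurDefs=20070111.017", DateSerial(2007, 1, 12))
WScript.Echo "[" & DecodeSavVersion(Empty) & "] " & DefAgeDays("CurDefs=", Date)
```

Run it with cscript.exe; in the report script, write "Unknown" to the Status column when either function returns its failure value instead of leaving the cell blank.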


 

Posted: Jan 12 2007, 12:28 PM by yli628 | with 6 comment(s)

Comments

Anonymous said:

I am working on a similar script and had already figured out everything but how to determine the DWord values for each of the versions.  Is there a specific formula that you used or found somewhere on the net (and would you mind sharing it)?

# March 19, 2007 11:49 PM

amello said:

I converted the powershell script back to VB. This was the hard part.

' 3e803e9 = 10.0.1.1000

' 3e8=1000  03e9=1001

strHex = Cstr(Hex(dwValue))

strBuild = Cstr(CLng("&H" & Left((strHex), Len(strHex)-4)))

strLo = Cstr(CLng("&H" & Right(strHex, 4)))

strMinor = Right(strLo, 1)

' second-to-last digit of the low word (Len-1, not Len-2)
strRev = Mid(strLo, (Len(strLo)-1), 1)

strMajor = Left(strLo, (Len(strLo)-2))

wscript.echo("Ver:  " & strMajor & "." & strRev & "." & strMinor & "." & strBuild )

# August 21, 2007 10:13 PM

yli628 said:

Nice job, Thanks!

# August 22, 2007 8:56 AM

mohanranjith said:

Change the RegInfo to simplify the function and avoid the CASE : following is the code

-------------------------------------------

Sub GetRegInfo

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

strKeyParentPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\"

strKeyVerPath = "SOFTWARE\INTEL\DLLUsage\VP6\"

strParent = "Parent"

strProversion = "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"

oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyParentPath,strParent,strValue

objExcel.Cells(intRow, 2).Value = strValue

oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyVerPath,strProversion,strSavVersion

objExcel.Cells(intRow, 3).Value = strSavVersion

End Sub

# December 8, 2007 4:16 AM
