Ying Li at myITforum.com

Powershell script to get Symantec Antivirus Client version and virus definition date

Here is a powershell script translated from my previous VB script –

http://myitforum.com/cs2/blogs/yli628/archive/2007/01/12/vb-script-to-get-symantec-antivirus-client-version-and-virus-definition-date.aspx

$erroractionpreference = "SilentlyContinue"

$a = New-Object -comobject Excel.Application
$a.visible = $True

$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)

$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Parent Server"
$c.Cells.Item(1,3) = "SAV Version"
$c.Cells.Item(1,4) = "Virus Definition"
$c.Cells.Item(1,5) = "Rev Number"
$c.Cells.Item(1,6) = "Status"
$c.Cells.Item(1,7) = "Report Time Stamp"

$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True

$intRow = 2

$colComputers = get-content C:\Myworkplace\Clientlist.txt

foreach ($strComputer in $colComputers)
{
$c.Cells.Item($intRow,1)  = $strComputer

Function GetRegInfo
{
$key="Software\INTEL\LANDesk\VirusProtect6\CurrentVersion"
$regkey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $strComputer)
$regKey = $regKey.OpenSubKey($key)

$c.Cells.Item($intRow,2)  = $regKey.GetValue("parent")

$productver  = $regKey.GetValue("ProductVersion")

Switch ($productver)
{
328336375 {$SavVersion ="10.1.5.5010"}

23528424 {$SavVersion = "10.0.0.359"}

65537001 {$SavVersion = "10.0.1.1000"}

65995753 {$SavVersion = "10.0.1.1007"}

66061289 {$SavVersion = "10.0.1.1008"}

131073002 {$SavVersion = "10.0.2.2000"}

131138538 {$SavVersion = "10.0.2.2001"}

131728362 {$SavVersion = "10.0.2.2010"}

132383722 {$SavVersion = "10.0.2.2020"}

132449258 {$SavVersion = "10.0.2.2021"}

25822194 {$SavVersion = "10.1.0.394"}

25953266 {$SavVersion = "10.1.0.396"}

26215410 {$SavVersion = "10.1.0.400"}

26280946 {$SavVersion = "10.1.0.401"}

65536905 {$SavVersion = "9.0.5.1000"}

72090503 {$SavVersion = "9.0.3.1100"}

65536903 {$SavVersion = "9.0.3.1000"}

65536902 {$SavVersion = "9.0.2.1000"}

65536901 {$SavVersion = "9.0.1.1000"}

22152068 {$SavVersion = "9.0.0.338"}

21562155 {$SavVersion = "8.1.1.329"}

21168939 {$SavVersion = "8.1.1.323"}

20906795 {$SavVersion = "8.1.1.319"}

20579115 {$SavVersion = "8.1.1.314"}

54068001 {$SavVersion = "8.1.0.825"}

29950753 {$SavVersion = "8.0.1.457"}

614597408 {$SavVersion = "8.0.0.9378"}

614335264 {$SavVersion = "8.0.0.9374"}

29229856 {$SavVersion = "8.0.0.446"}

28640032 {$SavVersion = "8.0.0.437"}

28443424 {$SavVersion = "8.0.0.434"}

28115744 {$SavVersion = "8.0.0.429"}

27853600 {$SavVersion = "8.0.0.425"}

85197700 {$SavVersion = "7.60.926"}

61997817 {$SavVersion = "7.6.1.946"}

61473529 {$SavVersion = "7.6.1.938"}

60949241 {$SavVersion = "7.6.1.930"}

60687096 {$SavVersion = "7.6.1.926"}

55509743 {$SavVersion = "7.5.1.847"}

48366268 {$SavVersion = "7.0.0"}
}
$c.Cells.Item($intRow,3)  = $SavVersion
}

GetRegInfo

Function GetDefInfo
{
$x = Test-path "\\$strcomputer\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat"
if($x -eq "True")
{
$y = get-content "\\$strcomputer\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat"
$z = $y[1]
$dtyear = $z.substring(8,4)
$dtmonth = $z.substring(12,2)
$dtday = $z.substring(14,2)
$Rev = $z.substring(16,3)

$ddate = "$dtmonth" + "/"+ "$dtday" + "/" + "$dtyear"

$DateVirDefs =[datetime]$ddate

$c.Cells.Item($intRow,4)  = $DateVirDefs
$c.Cells.Item($intRow,5)  = $Rev
}
Else
{
$c.Cells.Item($intRow,4)  = "Information can't be found"
}
$now = Get-date
$dtdiff = $now - $DatevirDefs
Write-host $dtdiff
If ($dtdiff -gt 1)
{
$c.Cells.Item($intRow,6)  = "OK"
}
Else
{
$c.Cells.Item($intRow,6)  =  "Need Attention!"
}
$c.Cells.Item($intRow,7) = $now
}

GetDefInfo
 
$intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()
cls