Share This Post

PowerShell script to get Symantec Antivirus Client version and virus definition date – Version 3

Here is V3 of this script and I added 64 bit support:

$erroractionpreference = "SilentlyContinue"

$a = New-Object -comobject Excel.Application
$a.visible = $True

$b = $a.Workbooks.Add()
$c = $b.Worksheets.Item(1)

$c.Cells.Item(1,1) = "Machine Name"
$c.Cells.Item(1,2) = "Parent Server"
$c.Cells.Item(1,3) = "Client Group"
$c.Cells.Item(1,4) = "SAV Version"
$c.Cells.Item(1,5) = "Virus Definition"
$c.Cells.Item(1,6) = "Rev Number"
$c.Cells.Item(1,7) = "Status"
$c.Cells.Item(1,8) = "Report Time Stamp"

$d = $c.UsedRange
$d.Interior.ColorIndex = 19
$d.Font.ColorIndex = 11
$d.Font.Bold = $True

$intRow = 2

$colComputers = get-content C:\Myworkplace\Clientlist.txt

foreach ($strComputer in $colComputers)
{
$c.Cells.Item($intRow,1) = $strComputer

Function GetRegInfo
{
$OS = get-wmiobject Win32_computerSystem -computername $strComputer
foreach($objOS in $OS)
{
if($objOS.systemtype -eq "X64-based PC")
{
$key="Software\Wow6432Node\INTEL\LANDesk\VirusProtect6\CurrentVersion"
}
Else
{
$key="Software\INTEL\LANDesk\VirusProtect6\CurrentVersion"
}
}

$regkey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $strComputer)
$regKey = $regKey.OpenSubKey($key)

$Parent = $regKey.GetValue("parent")
$strParent = $Parent.substring(0,7)

If($strParent -eq ‘OPCOSAV’)
{
$c.Cells.Item($intRow,2).Interior.ColorIndex = 7
$c.Cells.Item($intRow,2) = $Parent
}
Else
{
$c.Cells.Item($intRow,2) = $Parent
}
$Group = $regKey.GetValue("ClientGroup")

If ($Group -eq ‘Instrat’)
{
$c.Cells.Item($intRow,3).Interior.ColorIndex = 8
$c.Cells.Item($intRow,3) = $Group
}
Else
{
$c.Cells.Item($intRow,3) = $Group
}

$productver = $regKey.GetValue("ProductVersion")

Switch ($productver)
{
328336375 {$SavVersion ="10.1.5.5010"}

23528424 {$SavVersion = "10.0.0.359"}

65537001 {$SavVersion = "10.0.1.1000"}

65995753 {$SavVersion = "10.0.1.1007"}

66061289 {$SavVersion = "10.0.1.1008"}

131073002 {$SavVersion = "10.0.2.2000"}

131138538 {$SavVersion = "10.0.2.2001"}

131728362 {$SavVersion = "10.0.2.2010"}

132383722 {$SavVersion = "10.0.2.2020"}

132449258 {$SavVersion = "10.0.2.2021"}

25822194 {$SavVersion = "10.1.0.394"}

25953266 {$SavVersion = "10.1.0.396"}

26215410 {$SavVersion = "10.1.0.400"}

26280946 {$SavVersion = "10.1.0.401"}

65536905 {$SavVersion = "9.0.5.1000"}

72090503 {$SavVersion = "9.0.3.1100"}

65536903 {$SavVersion = "9.0.3.1000"}

65536902 {$SavVersion = "9.0.2.1000"}

65536901 {$SavVersion = "9.0.1.1000"}

22152068 {$SavVersion = "9.0.0.338"}

21562155 {$SavVersion = "8.1.1.329"}

21168939 {$SavVersion = "8.1.1.323"}

20906795 {$SavVersion = "8.1.1.319"}

20579115 {$SavVersion = "8.1.1.314"}

54068001 {$SavVersion = "8.1.0.825"}

29950753 {$SavVersion = "8.0.1.457"}

614597408 {$SavVersion = "8.0.0.9378"}

614335264 {$SavVersion = "8.0.0.9374"}

29229856 {$SavVersion = "8.0.0.446"}

28640032 {$SavVersion = "8.0.0.437"}

28443424 {$SavVersion = "8.0.0.434"}

28115744 {$SavVersion = "8.0.0.429"}

27853600 {$SavVersion = "8.0.0.425"}

85197700 {$SavVersion = "7.60.926"}

61997817 {$SavVersion = "7.6.1.946"}

61473529 {$SavVersion = "7.6.1.938"}

60949241 {$SavVersion = "7.6.1.930"}

60687096 {$SavVersion = "7.6.1.926"}

55509743 {$SavVersion = "7.5.1.847"}

48366268 {$SavVersion = "7.0.0"}
}
$VersionNumber = [int]$SavVersion.substring(0,2)
If ($VersionNumber -ge 9)
{$c.Cells.Item($intRow,4) = $SavVersion}
Else
{
$c.Cells.Item($intRow,4).Interior.ColorIndex = 3
$c.Cells.Item($intRow,4) = $SavVersion
}
}

GetRegInfo

Function GetDefInfo
{
$OS = get-wmiobject Win32_computerSystem -computername $strComputer
foreach($objOS in $OS)
{
if($objOS.systemtype -eq "X64-based PC")
{
$path = "\\$strcomputer\c$\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\definfo.dat"
}
Else
{
$path ="\\$strcomputer\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat"
}
}
$x = Test-path $path
if($x -eq "True")
{
$y = get-content $path
$z = $y[1]
$dtyear = $z.substring(8,4)
$dtmonth = $z.substring(12,2)
$dtday = $z.substring(14,2)
$Rev = $z.substring(17,3)

$ddate = "$dtmonth" + "/"+ "$dtday" + "/" + "$dtyear"

$DateVirDefs =[datetime]$ddate

$c.Cells.Item($intRow,5) = $DateVirDefs
$c.Cells.Item($intRow,6) = $Rev

$dtdiff = [datetime](get-date -format g) – $DatevirDefs

If ($dtdiff.totaldays -le 2)
{
$c.Cells.Item($intRow,7).Interior.ColorIndex = 4
$c.Cells.Item($intRow,7) = "OK"
}
Else
{
$c.Cells.Item($intRow,7).Interior.ColorIndex = 3
$c.Cells.Item($intRow,7) = "Need Attention!"
}
}
Else
{
$c.Cells.Item($intRow,5).Interior.ColorIndex = 6
$c.Cells.Item($intRow,5) = "Information can’t be found"
$c.Cells.Item($intRow,7).Interior.ColorIndex = 6
$c.Cells.Item($intRow,7) = "Need Attention!"
}
}

GetDefInfo

$c.Cells.Item($intRow,8) = Get-date
$intRow = $intRow + 1
}
$d.EntireColumn.AutoFit()
cls

Share This Post

Ying Li obtained a Master degree of Medicine in China and worked in the medical field before he came to the states in 1996. He made the career switch from troubleshooting people to troubleshooting computers after he came to the states. Not entirely a surprise there, if you know that his second preference for college is Mathematics. Ying is two times Admin Framework MVP awardee (2007-2008).His previous employment experience in the US includes UUNET, MCI WorldCom. MMC (Marsh & McLennan Companies), Merrill Lynch. He is currently employed by Related Companies as a Senior Infrastructure Engineer. He is proficient in virtually all Microsoft products (Office/Back office). His craving for efficiency naturally leads him to scripting, automation and before you know it, PowerShell! He is currently a MCSE (NT4, 2000, 2003) and MCITP Server Administrator. Ying enjoys wines and love to travel. His non work related passion is to advocate Health Living!

Leave a Reply