Symantec and Mcafee version info

[covaks]

part of an admin maintenance tool I wrote for work. Not sure if anyone will find this useful or not, but thought I'd share. At work I have a gui that reads a list of servers, it puts them into a listview where you can edit username/password information for each server. Then it'll go through hundreds of servers and generate a csv file with the version info. (also has functions to retrieve serial numbers, get local time for after dst patching, and can clear space on C: drive by clearing \temp folder, recycle bin for all profiles, temp internet files for all profiles, and compressing i386.. if anyones interested in those funcs)

CODE

Func _SymantecGetVersion($Hostname, $User = "", $Password = "Password")

Local Const $NAVVersionKey = "HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion"

Local Const $NAVVersionValue = "ProductVersion"

Local Const $NAVEngineKey = "HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion"

Local Const $NAVEngineValue = "ScanEngineVersion"

Local Const $NAVDefinitionsKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs"

Local Const $NAVDefinitionsValue = "NAVCORP_70"

Local $NAVMajorVersion

Local $NAVMinorVersion

Local $strVersion

Local $strEngine

Local $strDefinitions

Local $tmp, $tmp2, $tmp3

Local $tmpArray

Local $Authenticated = 0

If $User <> "" Then

$Authenticated = _AuthenticateToServer($Hostname, $User, $Password)

If $Authenticated > 1 Then

Return $Authenticated

EndIf

EndIf

$tmp = RegRead("\\" & $Hostname & "\" & $NAVVersionKey, $NAVVersionValue)

$tmp2 = RegRead("\\" & $Hostname & "\" & $NAVEngineKey, $NAVEngineValue)

$tmp3 = RegRead("\\" & $Hostname & "\" & $NAVDefinitionsKey, $NAVDefinitionsValue)

If $tmp = "" Then

$strVersion = "Unavailable"

Else

$NAVMinorVersion = Dec(StringLeft(Hex($tmp), 4))

$NAVMajorVersion = StringSplit(Dec(StringRight(Hex($tmp), 4)),"")

$strVersion = $NAVMajorVersion[1] & $NAVMajorVersion[2] & "." & $NAVMajorVersion[3] & "." & $NAVMajorVersion[4] & "." & $NAVMinorVersion

EndIf

If $tmp2 = "" Then

$strEngine = "Unavailable"

Else

$strEngine = Dec(StringMid(Hex($tmp2), 1, 2)) & "." & Dec(StringMid(Hex($tmp2), 3, 2)) & "." & Dec(StringMid(Hex($tmp2), 5, 2)) & "." & Dec(StringMid(Hex($tmp2), 7, 2))

EndIf

If $tmp3 = "" Then

$strDefinitions = "Unavailable"

Else

$tmpArray = StringSplit($tmp3, "\")

$strDefinitions = StringMid($tmpArray[$tmpArray[0]], 7, 2) & "/" & StringMid($tmpArray[$tmpArray[0]], 5, 2) & "/" & StringMid($tmpArray[$tmpArray[0]], 1, 4) & " rev." & StringMid($tmpArray[$tmpArray[0]], 10, 3)

EndIf

If $Authenticated = 1 Then

msgbox(1,"","deauthed")

_DeAuthenticateToServer($Hostname)

EndIf

Local $Array[3] = [$strDefinitions,$strVersion,$strEngine]

Return $Array

EndFunc

Func _McAfeeGetVersion($Hostname, $User = "", $Password = "Password")

Local Const $DateKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx\"

Local Const $VersionKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx\"

Local Const $EngineKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx\"

Local Const $DateValue = "szVirDefDate"

Local Const $VersionValue = "szVirDefVer"

Local Const $EngineValue = "szEngineVer"

Local $strDate

Local $strVersion

Local $strEngine

Local $Authenticated = 0

If $User <> "" Then

$Authenticated = _AuthenticateToServer($Hostname, $User, $Password)

If $Authenticated > 1 Then

Return $Authenticated

EndIf

EndIf

$strDate = RegRead("\\" & $Hostname & "\" & $DateKey, $DateValue)

If $strDate = "" Then $strDate = "Unavailable"

$strVersion = RegRead("\\" & $Hostname & "\" & $VersionKey, $VersionValue)

If $strVersion = "" Then $strVersion = "Unavailable"

$strEngine = RegRead("\\" & $Hostname & "\" & $EngineKey, $EngineValue)

If $strEngine = "" Then $strEngine = "Unavailable"

If $Authenticated = 1 Then

_DeAuthenticateToServer($Hostname)

EndIf

Local $Array[3] = [$strDate,$strVersion,$strEngine]

Return $Array

EndFunc

Func _AuthenticateToServer($Hostname, $User, $Password)

If DriveMapAdd("", "\\" & $Hostname & "\IPC$", 0, $User, $Password) = 1 Then

Return 1

Else

Return @extended

EndIf

EndFunc

Func _DeAuthenticateToServer($Hostname)

DriveMapDel("\\" & $Hostname & "\IPC$")

EndFunc

$arr = _McAfeeGetVersion("whmm1234")

If IsArray($arr) Then

msgbox(1,"","Definitions date: " & $arr[0] & @CRLF & _

"Software version: " & $arr[1] & @CRLF & _

"Engine version: " & $arr[2])

Else

MsgBox(1,"","Failed with error code: " & $arr)

EndIf

$arr2 = _SymantecGetVersion("10.0.0.2","ACME\Coyote","stupidbird")

If IsArray($arr2) Then

msgbox(1,"","Definitions date: " & $arr2[0] & @CRLF & _

"Software version: " & $arr2[1] & @CRLF & _

"Engine version: " & $arr2[2])

Else

MsgBox(1,"","Failed with error code: " & $arr2)

EndIf

[Webthingy]

Nice code. I was looking at doing something like this to check Mcafee, but I am trying to search the event log for failed updates and policy enforcement. Thanks for the info... Webthingy

[rajeshontheweb]

great job, just what i wanted. , i just wanted to save time searching for it before i start spending time on my own (as usual) to retrieve installed version info. i was actually gonna browse through uninstall strings and get it (which i will eventually do, as the above applies only to landesk compatible products not earlier) but one thing, i've been using DEFWATCH_10 whats the major difference between using DEFWATCH_10 & NAVCORP_70 anyone?