Shavlik: Get Symantec Antivirus Engine and Definition Version

Version 6

    Author: Shavlik

    Category: Information

    Inputs: Maximum number of days before a virus definition is considered stale.

    Minimum ITScripts engine version required: 8.0.0.0

    Modifies the target machine: No

    Name: Get Symantec Antivirus Engine and Definition Version

    Outputs: A CSV file showing Computer Name, Symantec Endpoint Protection Version, AV Definition Version, AV Definition Date, and Status based on the age and the input.

    Purpose: This script gets the Symantec Endpoint Protection engine version, the definition file version, and definition age information from target systems in your environment. The script will output the information to a CSV file.

    Script Version: 1.0.2.1

    Target Type: Any

     

    Technical Description:

    This script uses WMI to connect to the target machine's registry and identify the target OS. The script then retrieves information from the target system's registry about Symantec Endpoint Protection (SEP). The script supports SEP version 11.x or later.

    • If SEP is not found, the script returns the following result: "Symantec Endpoint Protection is not installed."
    • If SEP is found, the script reads the definition file definfo.dat to get information about the currently installed definitions. It extracts the date and time from the file and compares them to the current date and time on the local system. If the difference between the two exceeds the staleDays parameter, the definition file is considered out of date.

     

    The script returns this information in a CSV output file.
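
    The staleness decision described above, as an added PowerShell example (not the Shavlik script's own code). It assumes definfo.dat carries a CurDefs=YYYYMMDD.RRR line, which this page does not state; the function name, the status strings and all sample values are hypothetical.

```powershell
# Added example, not the Shavlik script. Assumption: definfo.dat contains a line
# of the form "CurDefs=YYYYMMDD.RRR" (definition date plus revision number).
function Get-SepDefinitionStatus {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$SepVersion,
        [Parameter(Mandatory)][AllowEmptyString()][string]$DefInfoText,
        [Parameter(Mandatory)][int]$StaleDays,
        [datetime]$Now = (Get-Date)   # injectable so the check is repeatable
    )
    # Same five columns the page lists for the CSV output.
    $row = [ordered]@{
        'Computer Name'                        = $ComputerName
        'Symantec Endpoint Protection Version' = $SepVersion
        'AV Definition Version'                = ''
        'AV Definition Date'                   = ''
        'Status'                               = ''
    }
    $m = [regex]::Match($DefInfoText, '(?im)^\s*CurDefs\s*=\s*((\d{8})\.(\d+))\s*$')
    $defDate = [datetime]::MinValue
    # TryParseExact also rejects impossible dates such as 20241345.
    $ok = $m.Success -and [datetime]::TryParseExact($m.Groups[2].Value, 'yyyyMMdd',
        [cultureinfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None, [ref]$defDate)
    if (-not $ok) {
        # A missing or malformed file must not be reported as healthy.
        $row['Status'] = 'Definition date could not be read'   # hypothetical text
        return [pscustomobject]$row
    }
    $ageDays = [int][math]::Floor(($Now.Date - $defDate).TotalDays)
    $row['AV Definition Version'] = $m.Groups[1].Value
    $row['AV Definition Date']    = $defDate.ToString('yyyy-MM-dd')
    # Out of date only when the age exceeds staleDays, as the page describes.
    if ($ageDays -gt $StaleDays) { $row['Status'] = "Out of date ($ageDays days old)" }
    else                         { $row['Status'] = "Current ($ageDays days old)" }
    return [pscustomobject]$row
}

# Constructed sample inputs: hosts, versions and file contents are made up.
$now  = [datetime]'2024-01-20'
$rows = @(
    Get-SepDefinitionStatus -ComputerName 'HOST-A' -SepVersion '0.0.0.0' `
        -DefInfoText "[DefDates]`r`nCurDefs=20240118.003`r`n" -StaleDays 7 -Now $now
    Get-SepDefinitionStatus -ComputerName 'HOST-B' -SepVersion '0.0.0.0' `
        -DefInfoText "[DefDates]`r`nCurDefs=20231201.021`r`n" -StaleDays 7 -Now $now
    Get-SepDefinitionStatus -ComputerName 'HOST-C' -SepVersion '0.0.0.0' `
        -DefInfoText 'truncated' -StaleDays 7 -Now $now
)
$rows | ConvertTo-Csv -NoTypeInformation
```

    Because the comparison uses the clock of the system running the script, a wrong local clock shifts every result; the injectable $Now parameter makes that dependency explicit.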

     

    If the script fails to connect to a machine, it will return:

    "WMI connection to the target machine failed. The machine may be offline or firewalled."

     

    The script pulls the following information from the target machine and outputs it to a CSV file:

    "Computer Name", "Symantec Endpoint Protection Version", "AV Definition Version", "AV Definition Date", and "Status"

    Possible Operations Monitor results include:

    "WMI connection to the target machine failed. The machine may be offline or firewalled."

    "Success"

    "Symantec Endpoint Protection is not installed."