Topic
  • 3 replies
  • Latest Post - ‏2013-04-29T20:50:52Z by vpetrell
SystemAdmin
890 Posts

Pinned topic Retrieve SEP 12 Virus DAT Date

2013-04-05T19:47:41Z
I am trying to retrieve the Virus DAT date for Symantec SEP 12.

The registry key is "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV"
With a binary Value of "PatternFileDate" equal to 2b 03 05 00 ....

I've been able to pull that and convert it to a useful value except it drops the leading zero.
I can make it more readable by concatenating "/" between the values, but I prefer the results to be like previous versions of SEP.

Here is what the following returns: 201345 - I want it to be 20130405

if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry)
   and (exists value "PatternFileDate" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry)
then
   (hexadecimal integer(first 2 of (value "PatternFileDate" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry as string)) + 1970) as string
   & (hexadecimal integer(last 2 of first 4 of (value "PatternFileDate" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry as string)) + 1) as string
   & (hexadecimal integer(last 2 of first 6 of (value "PatternFileDate" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry as string))) as string
else "Not Installed"

Is there a way to add in the leading zero, or if there is a better way of getting the info I am open to that as well.

Thanks
  • MBARTOSH
    12 Posts

    Re: Retrieve SEP 12 Virus DAT Date

    ‏2013-04-05T20:19:46Z  
    Do you have the Endpoint Protection Domain? There is a built-in analysis in the Endpoint Protection Domain. You can then turn the Analysis into a property. One of the properties is the definitions.
  • SteveTEM
    2 Posts

    Re: Retrieve SEP 12 Virus DAT Date

    ‏2013-04-23T18:45:00Z  
    • MBARTOSH
    • ‏2013-04-05T20:19:46Z
    Do you have the Endpoint Protection Domain? There is a built-in analysis in the Endpoint Protection Domain. You can then turn the Analysis into a property. One of the properties is the definitions.

    No, I do not have the Endpoint Protection Domain.

    If someone has that, does it have how to add the leading zero?

  • vpetrell
    8 Posts

    Re: Retrieve SEP 12 Virus DAT Date

    ‏2013-04-29T20:50:52Z  
    • SteveTEM
    • ‏2013-04-23T18:45:00Z

    No, I do not have the Endpoint Protection Domain.

    If someone has that, does it have how to add the leading zero?

    This may help:

    http://bigfix.me/cdb/Analysis/56#comments
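
Added example (not part of any post in this thread, and not taken from the linked analysis): one way to get the leading zeros asked about in the opening post is to prepend "0" to the month and day strings and keep only the last two characters of each. It uses only the registry key, value name and byte layout given in that post (year stored as an offset from 1970, month stored zero-based), and assumes the binary value converts to a hex string the same way it does in the original expression.

```relevance
if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry)
   and (exists value "PatternFileDate" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry)
then
   (
      (((hexadecimal integer (first 2 of it)) + 1970) as string)
      & (last 2 of ("0" & (((hexadecimal integer (last 2 of first 4 of it)) + 1) as string)))
      & (last 2 of ("0" & ((hexadecimal integer (last 2 of first 6 of it)) as string)))
   ) of (value "PatternFileDate" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV" of registry as string)
else "Not Installed"
```

Reading the registry value once and referring to it as "it" also avoids repeating the full key path for each field. A fixed-width YYYYMMDD string sorts and compares correctly as text, which matters when the property is used to flag endpoints with stale definitions.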