Friday, November 25, 2005

WMI: Checking Symantec Antivirus definition dates on workstations via a WMI script

Have you ever wanted to be able to check Symantec antivirus definition dates on workstations via WMI, but weren’t sure exactly how to find the date? Well wonder no more, as you can find the date and revision in the following registry location.

HKLM\SOFTWARE\Symantec\SharedDefs\DEFWATCH_10
The value data is in a string that looks like this: “20051123.019” [YearMonthDay.Revision].

With that piece of information, you’re just a few steps from automating this effort.

So the first thing I did was start playing with the “reg query” command under Windows XP/2003. What’s nice about this is that it’s very easy to grab stuff out of remote registries using the tool; just specify the machine name like so:

“reg query \\workstationname\HKLM\SOFTWARE\Symantec\SharedDefs\ /v DEFWATCH_10"”

Go ahead and run this on your machine. Doing so will produce string that you can use (making sure to specify your workstation name where it says “workstationname”).

After you have this, you can load the results into a string, and then use your “Right/Left/Mid” functions to massage the date into something presentable. Just copy and paste the below code into a text file, and save it with a “.vbs” extension.

Oh, wait… you wanted to do this to multiple workstations? Or say, maybe every computer object in Active Directory?

Not a problem. With the code I have on this page, you can copy and paste it directly into my inventory script, and be off and running. Just make sure you put the “Wscript.Echo” line down in the reporting section of the original script.

Let me know what you think.


Set objShell = CreateObject("Wscript.Shell")

strCmdRun = "cmd /c"
strRegQ = "reg query "
strComputer = "workstationname"
strRegKey = "\HKLM\SOFTWARE\Symantec\SharedDefs\"
strCmdSw = " /v "
strRegKey2 = "DEFWATCH_10"

Dim objShell,objDef,objDate,objVer,objRev,objOutFile,objFSO,objNDate

Set objExec = objShell.Exec(strCmdRun & strRegQ & "\\" & strcomputer & strRegKey & strCmdSw & strRegKey2)

strExecResults = LCase(objExec.StdOut.ReadAll)

objVer = Right(strExecResults,16)
objRev = Right(objVer,7)
objDate = Left(objVer,8)
objYear = Left(objDate,4)
objMonth = Mid(objDate,5,2)
objDay = Right(objDate,2)
objNDate = CDATE(objMonth &"/"& objDay &"/"& objYear)

wscript.echo vbCrLf &"Symantec AntiVirus definition date: " & objNDate &" Rev. "& objRev

No comments: