Skip to main content
Question

SEP Definition version

  • September 17, 2013
  • 2 replies
  • 26 views
D
Forum|alt.badge.img+3

Has anybody figured out how to query the definition file's version and display it via an extension attribute?

    2 replies

    scottb
    Forum|alt.badge.img+18
    • scottb
    • Valued Contributor
    • September 17, 2013

    I'm using this one on SEP 11.

    https://jamfnation.jamfsoftware.com/viewProductFile.html?id=29&fid=145

    C
    Forum|alt.badge.img+10
    • clrlmiller
    • Contributor
    • October 22, 2015

    I'd just finished updating this for the 3rd time a few days ago and am posting it for the 3rd party EA for SEP. It's ugly, but it works for us. We're likely moving to McAfee soon, so I'll get to start all over again.

    EDIT: Noticed an issue with some of our machines running SEPv12 and the number of older def folders kept. This should now just query the 'engine.mfst' file for date info and should be absolute.

    !/bin/sh

    ############################################################################################

    Find the date of Virus Definitions for Norton AntiVirus or Symantec EndPoint

    This script has been verified to work on Norton AntiVirus (v10, v11) and Symantec Endpoint (v11, v12).

    Cobbled together from other's hard work

    Modification for SEP v12ru4 by Christopher Miller

    for ITSD-ISS of JHU-APL, Dated 2015-01-19, LastMod: 2015-10-23

    ############################################################################################

    Check to see if Norton v10 is installed

    if [ -f "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/Engine/WHATSNEW.TXT" ]; then result=/bin/date -j -f "%b %d, %Y" "$(cat "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/Engine/WHATSNEW.TXT" | grep "Symantec Security Response" | awk '{print $5, $6, $7}')" "+%Y-%m-%d 00:00:00" SEPinstall="Yes"
    fi

    Check to see if Norton v11 is installed

    if [ -f "/Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT" ]; then result=/bin/date -j -f "%b %d, %Y" "$(cat "/Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT" | grep "Symantec Security Response" | awk '{print $5, $6, $7}')" "+%Y-%m-%d 00:00:00" SEPinstall="Yes"
    fi

    Check to see if SEP v12ru4 or higher is installed

    NOTE: SEP v12ru5 and ru6 high versions re-introduced the 'Engine' Directory

    if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ]; then result=/bin/date -j -f "%Y%m%d" $(cat "/Library/Application Support/Symantec/AntiVirus/engine.mfst" | cut -c 2-12) "+%Y-%m-%d 00:00:00" SEPinstall="Yes"
    fi

    Check to see if we found any version of SEP

    if [ $SEPinstall != "Yes" ]; then result="Not Installed" fi

    echo "<result>$result</result>"
    exit 0

    Terms & ConditionsCookie settingsAccessibility statement