Posted on 02-10-2014 07:43 AM
Hello
It looks like the EA/script for collecting the Norton virus definition date does not work with SEP 12.1.4 (while it used to work fine here with up to SEP v. 12.1.2):
https://jamfnation.jamfsoftware.com/viewProductFile.html?id=29&fid=145
The reason seems to be that they changed the location of the "WHATSNEW.TXT" file, which is now within each updated definition (e.g. /Library/Application Support/Symantec/AntiVirus/20140210.001/WHATSNEW.TXT) instead of /Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT.
I was wondering if anyone has found a way to use an extension attribute to collect virus definition dates for SEP 12.1.4.
Many thanks for your help!!!
Carlo
Posted on 02-10-2014 08:01 AM
Ugh, I am taking a look at that now since this is on my to-do list, and it looks like those paths are going to be changing often. There appears to be logic to the naming conventions but nothing I would rely on.
Plus, you will need to have code that can handle the old version and the new version if you have a mixed environment like I do. I'll start working on something unless someone else has a better idea than parsing all of the files and getting the most recent date.
Posted on 02-10-2014 08:02 AM
I am curious as to why you would waste your time with this when the SEPM should be able to report that stuff. I push all AV stuff to the teams that manage the AV servers.
Posted on 02-10-2014 08:02 AM
The following works successfully with 12.1.4:
#!/bin/sh
# Jamf extension attribute: reports the installed SEP application version.
sepApp="/Applications/Symantec Solutions/Symantec Endpoint Protection.app"
if [ -e "$sepApp" ]; then
    echo "<result>$(defaults read "$sepApp/Contents/Info" CFBundleShortVersionString)</result>"
else
    echo "<result>N/A</result>"
fi
Posted on 02-10-2014 08:33 AM
@josaxo, that appears to just get you the app version.
Here is what I wrote (this needs more testing, I just threw this together), which actually gives me the integer version in days of the age of the definitions, which is more useful in my opinion. I can run a report or create a smart group to look for systems with defs that are older than our threshold and take automatic action based on that:
#!/bin/bash
# Jamf extension attribute: age of the SEP virus definitions in whole days.
# Handles both layouts: the pre-12.1.4 Engine/WHATSNEW.TXT and the 12.1.4
# per-definition directories (e.g. 20140210.001/WHATSNEW.TXT).
sepPath="/Library/Application Support/Symantec/AntiVirus"

# Convert the "Symantec Security Response" line of a WHATSNEW.TXT into epoch seconds.
defDateFromFile() {
    local dateString
    dateString=$(grep -m 1 "Symantec Security Response" "$1" | awk '{print $5, $6, $7}')
    /bin/date -j -f "%b %d, %Y" "$dateString" "+%s" 2>/dev/null
}

result=""
if [ -f "$sepPath/Engine/WHATSNEW.TXT" ]; then
    # Old layout (up to 12.1.2): a single file under Engine/
    result=$(defDateFromFile "$sepPath/Engine/WHATSNEW.TXT")
else
    # New layout (12.1.4): take the newest date across all definition directories
    for subDir in "$sepPath"/*/; do
        if [ -f "$subDir/WHATSNEW.TXT" ]; then
            subdefDate=$(defDateFromFile "$subDir/WHATSNEW.TXT")
            if [ -n "$subdefDate" ] && { [ -z "$result" ] || [ "$subdefDate" -gt "$result" ]; }; then
                result=$subdefDate
            fi
        fi
    done
fi

if [ -z "$result" ]; then
    # No definitions found (SEP not installed or an unexpected layout):
    # report an empty value rather than failing on the arithmetic below.
    echo "<result></result>"
    exit 0
fi

curDate=$(date "+%s")
defAge=$(( (curDate - result) / 86400 ))
echo "<result>$defAge</result>"
Posted on 02-10-2014 09:00 AM
My fault - I read the post too quickly.
Posted on 02-11-2014 05:12 AM
Yes, the SEPM can and does report it. However, built-in security measures in OS X prevent LiveUpdate from running when no one is logged into the system or the screen is locked. Consequently most of the systems on our 'out-of-date-more-than-5-days' report are Macs. For us, there are industry requirements that we keep our Mac, Windows, and *nix systems up to date with whatever AV solution we use (and we have to use one), so that's why I have to care. SEP 12.1.4 promises to fix the LU-not-running-with-no-console-user issue, but I have not really started testing that yet... To add insult to injury, if you try to force LU to run through the SEPM and it cannot because of one of the reasons above, it will become a zombie process and then LU will not run again until the Mac is restarted or all LU processes are killed.
To that end I've written a number of scripts to force updates using Intelligent Update - it uses the built-in Installer binary to install a .pkg of def updates. A nightly job runs on one of our servers to curl the latest update package from Symantec, then distributes via casper syncing. A separate daily job runs on the Macs to curl that package from the internal servers and install. I don't want it applying to every Mac - because some actually do stay up to date - so that's why I care about an EA to tell me virus def dates. I wrote a blog article about it here: http://acdesigntech.wordpress.com/2012/01/18/live-update-does-not-run-when-no-user-is-logged-in-and-...
And these are the scripts I use to curl the latest updates and then the daily script to apply the latest update to a Mac:
#!/bin/bash
######################################################
## ServerSlipstream.sh written by Andrew Caldwell, 1/19/2012 ##
## This script pulls the latest virus defs from Symantec's website ##
## and copies them to the Casper server. Also deletes packages ##
## older than 3 days. ##
######################################################
LocalDir="/Users/admin/Desktop/SEP121Updates"
CasperDir="/Volumes/CasperShare/SEP121Updates"
SymantecFTP="ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus_mac/"

## The staging folder must not be world-writable: clients install whatever lands here as root
mkdir -p -m 755 "$LocalDir"

## Delete update files modified more than 3 days ago to save space. If the only file on
## Symantec's defs site is more than 3 days old, it will be re-downloaded below for
## application to newly deployed clients.
CurrentTime=$(date +%s)                      ## Current time in seconds
Time3DaysAgo=$((CurrentTime - 3 * 86400))    ## Time 3 days ago in seconds
cleanOldFiles() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        FileModTime=$(stat -f %m "$f")       ## BSD stat: modification time in seconds
        if [ "$FileModTime" -lt "$Time3DaysAgo" ]; then
            ## Modified more than 3 days ago, remove it
            rm "$f"
        fi
    done
}
cleanOldFiles "$LocalDir"
cleanOldFiles "$CasperDir"

## The filename is static except for the release date, so walk backwards one day at a time
## starting from today. Real date arithmetic is used instead of subtracting 1 from YYYYMMDD
## (which produces non-existent dates at month boundaries), and the search gives up after
## 30 days instead of looping forever when the listing cannot be fetched.
UpdateFound=0
DaysBack=0
while [ $UpdateFound -eq 0 ] && [ $DaysBack -lt 30 ]; do
    CurrDate=$(date -j -v-${DaysBack}d +%Y%m%d)
    DesiredUpdate="NavM_Intel_Installer_${CurrDate}_US.zip"
    ## List the files on the Symantec FTP site and look for an exact filename match
    RawFileListing=$(curl -s -l "$SymantecFTP" | grep -x -F "$DesiredUpdate")
    if [ "$RawFileListing" = "$DesiredUpdate" ]; then
        UpdateFound=1
        ## Download, then copy to the Casper share only if curl completed successfully.
        ## Note: plain FTP gives no integrity or authenticity check on the package.
        if curl -s -f "$SymantecFTP$DesiredUpdate" -o "$LocalDir/$DesiredUpdate"; then
            cp "$LocalDir/$DesiredUpdate" "$CasperDir/"
        else
            echo "Download of $DesiredUpdate failed" >&2
            rm -f "$LocalDir/$DesiredUpdate"
            exit 1
        fi
    else
        ## Not released under today's date; try the day before
        DaysBack=$((DaysBack + 1))
    fi
done
if [ $UpdateFound -eq 0 ]; then
    echo "No definition package found for the last 30 days" >&2
    exit 1
fi
#!/bin/bash
########################################################################
## SymantecIntelligentUpdate.sh written by Andrew Caldwell, 1/19/2012 ##
## This script pulls the latest virus defs from the Casper share      ##
## and installs them using Intelligent Updater. This script ensures   ##
## Macs get the latest virus def updates even if no one is logged in  ##
########################################################################
CasperDir="/Volumes/CasperShare/SEP121Updates"

## Kill LiveUpdate if it is running (a stuck LU blocks later runs)
killall LiveUpdate 2>/dev/null

## Stage the package in a private temp directory rather than /Users/Shared, so another
## local user cannot swap the .pkg between unzip and the root installer run.
WorkDir=$(mktemp -d /tmp/SEPDefs.XXXXXX) || exit 1
trap 'rm -rf "$WorkDir"' EXIT

## Walk backwards from today, one day at a time, until a matching package is found on the
## share. Real date arithmetic avoids the month-boundary problem of YYYYMMDD - 1, and the
## 30-day cap stops the loop from running forever if the share is empty or not mounted.
UpdateFound=0
DaysBack=0
while [ $UpdateFound -eq 0 ] && [ $DaysBack -lt 30 ]; do
    CurrDate=$(date -j -v-${DaysBack}d +%Y%m%d)
    DesiredUpdate="NavM_Intel_Installer_${CurrDate}_US.zip"
    if [ -f "$CasperDir/$DesiredUpdate" ]; then
        UpdateFound=1
        cp "$CasperDir/$DesiredUpdate" "$WorkDir/" || exit 1
        cd "$WorkDir" || exit 1
        unzip -oq "$DesiredUpdate" || exit 1
        ## Install the definitions
        installer -verbose -pkg SymantecAVDefs_Intel.pkg -target /
    else
        ## Not released under this date; try the day before
        DaysBack=$((DaysBack + 1))
    fi
done

if [ $UpdateFound -eq 0 ]; then
    echo "No definition package found on $CasperDir for the last 30 days" >&2
    exit 1
fi
## The temp directory (zip and pkg) is removed by the EXIT trap
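The pipeline above copies a package from a shared volume and hands it to installer as root with no check that it is the file the server job wrote. The following is an added example, not code from the thread or from Symantec/Jamf: the server side records a SHA-256 digest next to each package it fetches, and the client refuses to unzip or install a copy whose digest does not match. The manifest name (<zip>.sha256), the share path argument and the demo data are assumptions; the check covers only the internal share hop and says nothing about the authenticity of what came over FTP.

```shell
#!/bin/bash
# Added example: SHA-256 manifest check for the internal hop of the Intelligent
# Updater pipeline. Server writes <zip>.sha256; client verifies before installing.
# Manifest naming and paths are assumptions, not Symantec or Jamf conventions.

sha256_of() {
    # Hex digest of a file, via coreutils sha256sum or the perl shasum shipped with OS X.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

write_manifest() {
    # Server side: record "<digest>  <filename>" in <package>.sha256.
    pkg="$1"
    printf '%s  %s\n' "$(sha256_of "$pkg")" "$(basename "$pkg")" > "$pkg.sha256"
}

verify_manifest() {
    # Client side: succeed only if the package matches the digest in its manifest.
    pkg="$1"
    manifest="$pkg.sha256"
    if [ ! -f "$manifest" ]; then
        echo "no manifest for $pkg" >&2
        return 1
    fi
    expected=$(awk 'NR == 1 {print $1}' "$manifest")
    actual=$(sha256_of "$pkg")
    # Require a full 64-hex-char digest so an empty or truncated manifest cannot match.
    if [ "${#expected}" -eq 64 ] && [ "$expected" = "$actual" ]; then
        return 0
    fi
    echo "digest mismatch for $pkg" >&2
    return 1
}

install_verified() {
    # Copy package and manifest from the share into a private temp dir, verify, then
    # unzip and install. Nothing is installed if verification fails.
    share_dir="$1"
    name="$2"
    work=$(mktemp -d) || return 1
    if ! cp "$share_dir/$name" "$share_dir/$name.sha256" "$work/"; then
        rm -rf "$work"
        return 1
    fi
    if ! verify_manifest "$work/$name"; then
        rm -rf "$work"
        return 1
    fi
    if (cd "$work" && unzip -oq "$name" && installer -verbose -pkg SymantecAVDefs_Intel.pkg -target /); then
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return $rc
}

demo() {
    # Constructed data standing in for NavM_Intel_Installer_20140210_US.zip. Prints the
    # verify result for the intact file and for a tampered copy: "0 1".
    d=$(mktemp -d)
    f="$d/NavM_Intel_Installer_20140210_US.zip"
    printf 'constructed package body\n' > "$f"
    write_manifest "$f"
    if verify_manifest "$f"; then ok=0; else ok=1; fi
    printf 'tampered\n' >> "$f"
    if verify_manifest "$f" 2>/dev/null; then bad=0; else bad=1; fi
    rm -rf "$d"
    echo "$ok $bad"
}
```

The server job would call write_manifest on each downloaded zip before copying both files to the Casper share, and the client would call install_verified instead of the cp/unzip/installer sequence. Because the manifest is produced by the same server that fetched the file over unauthenticated FTP, this only detects corruption or tampering on the share; checking the Symantec signature on the extracted .pkg (pkgutil --check-signature) before running installer is the stronger check and is not shown here.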
Posted on 02-11-2014 08:34 AM
@alexjdale many thanks!
Now the EA works regardless of the installed SEP version
@everyone also many thanks for your other suggestions
Greetings
Carlo