SEP Definition version

dwhitehead
New Contributor

Has anybody figured out how to query the definition file's version and display it via an extension attribute?

2 REPLIES

scottb
Honored Contributor

clrlmiller
New Contributor III

I'd just finished updating this for the 3rd time a few days ago and am posting it for the 3rd party EA for SEP. It's ugly, but it works for us. We're likely moving to McAfee soon, so I'll get to start all over again.

EDIT: Noticed an issue with some of our machines running SEPv12 and the number of older def folders kept. This should now just query the 'engine.mfst' file for date info and should be absolute.

#!/bin/sh

############################################################################################
#
# Find the date of Virus Definitions for Norton AntiVirus or Symantec EndPoint
#
# This script has been verified to work on Norton AntiVirus (v10, v11) and Symantec Endpoint (v11, v12).
#
# Cobbled together from others' hard work
#
# Modification for SEP v12ru4 by Christopher Miller
#
# for ITSD-ISS of JHU-APL, Dated 2015-01-19, LastMod: 2015-10-23
#
############################################################################################

# Default so the final test works when no product is found
SEPinstall="No"

# Check to see if Norton v10 is installed
if [ -f "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/Engine/WHATSNEW.TXT" ]; then
    result=$(/bin/date -j -f "%b %d, %Y" "$(cat "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/Engine/WHATSNEW.TXT" | grep "Symantec Security Response" | awk '{print $5, $6, $7}')" "+%Y-%m-%d 00:00:00")
    SEPinstall="Yes"
fi

# Check to see if Norton v11 is installed
if [ -f "/Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT" ]; then
    result=$(/bin/date -j -f "%b %d, %Y" "$(cat "/Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT" | grep "Symantec Security Response" | awk '{print $5, $6, $7}')" "+%Y-%m-%d 00:00:00")
    SEPinstall="Yes"
fi

# Check to see if SEP v12ru4 or higher is installed
# NOTE: SEP v12ru5 and ru6 high versions re-introduced the 'Engine' Directory
if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ]; then
    result=$(/bin/date -j -f "%Y%m%d" "$(cat "/Library/Application Support/Symantec/AntiVirus/engine.mfst" | cut -c 2-12)" "+%Y-%m-%d 00:00:00")
    SEPinstall="Yes"
fi

# Check to see if we found any version of SEP
if [ "$SEPinstall" != "Yes" ]; then
    result="Not Installed"
fi

echo "<result>$result</result>"
exit 0
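A variant of the engine.mfst check above, added here as an example and not part of the original post: it validates the date stamp before trusting it and reports definition age in days, so a malformed manifest yields "Unknown" rather than an empty or garbled value. It goes beyond the post in reporting age instead of a date. The names `MFST`, `def_stamp`, `to_days` and `def_age_days` are hypothetical, and it assumes, based on the `cut` and `%Y%m%d` format in the script above, that characters 2-9 of the file are a YYYYMMDD stamp.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption taken from the script
# above: characters 2-9 of engine.mfst hold the definition date as YYYYMMDD.
MFST="${MFST:-/Library/Application Support/Symantec/AntiVirus/engine.mfst}"

# Print the validated YYYYMMDD stamp from manifest $1; return 1 if the file is
# missing, unreadable, or does not carry a plausible date.
def_stamp() {
    [ -r "$1" ] || return 1
    s=$(head -n 1 "$1" | cut -c 2-9)
    case "$s" in
        [12][0-9][0-9][0-9][01][0-9][0-3][0-9]) ;;
        *) return 1 ;;
    esac
    m=${s#????}; d=${m#??}; m=${m%??}
    m=${m#0}; d=${d#0}
    [ "$m" -ge 1 ] && [ "$m" -le 12 ] && [ "$d" -ge 1 ] && [ "$d" -le 31 ] || return 1
    echo "$s"
}

# Convert YYYYMMDD ($1) to a Julian day number with integer arithmetic only,
# so the result does not depend on BSD vs GNU date(1) parsing.
to_days() {
    y=${1%????}; m=${1#????}; d=${m#??}; m=${m%??}
    m=${m#0}; d=${d#0}   # avoid octal interpretation of 08 and 09
    a=$(( (14 - m) / 12 )); y=$(( y + 4800 - a )); m=$(( m + 12 * a - 3 ))
    echo $(( d + (153 * m + 2) / 5 + 365 * y + y / 4 - y / 100 + y / 400 - 32045 ))
}

# Print definition age in days as of $2 (YYYYMMDD); return 1 if unknown.
def_age_days() {
    stamp=$(def_stamp "$1") || return 1
    age=$(( $(to_days "$2") - $(to_days "$stamp") ))
    [ "$age" -ge 0 ] || return 1   # a future-dated stamp is treated as invalid
    echo "$age"
}

age=$(def_age_days "$MFST" "$(date +%Y%m%d)") || age="Unknown"
echo "<result>$age</result>"
```

Setting `MFST` in the environment points the script at a copy of the manifest for testing.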