PowerShell – Finding AV definitions update for McAfee

I had a customer where we had to find the last update time of the McAfee AV definition files but did not have access to the orchestrator console.

The script reads the AVDatVersion and AVDatDate values from the registry and writes them out, so they can be passed to a monitoring tool for alerting.

######################################################
#
# NAME: Get-AVStatus.ps1
#
# AUTHOR: Alin Daniel Stanciu
#
# COMMENT: Script to check the last update for McAfee antivirus by reading the registry
# keys and taking the last DAT version and DAT date
# In order to also check for services status uncomment last line
#
# VERSION HISTORY:
# 1.0 10.09.2017 – Initial release
# 2.0 21.09.2017 – Stable Version for production usage
# USAGE: get-avstatus.ps1 -computername Localhost
#
########################################################
# Force the computer name as a parameter of the script
param (
    [parameter(mandatory=$true)][string]$computername
)
try {
    # Set up the key that needs to be accessed and what registry tree it is under
    $key = "Software\McAfee\AVEngine"
    $type = [Microsoft.Win32.RegistryHive]::LocalMachine
    # Open the registry on the remote machine and read out the TOE related registry values
    # (the original passed the undefined $server here; the parameter is $computername)
    $regkey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $computername)
    $regkey = $regkey.OpenSubKey($key)
    $status = $regkey.GetValue("AVDatVersion")
    $datdate = $regkey.GetValue("AVDatDate")
}
catch {
    try {
        # Fall back to the 32-bit registry view on 64-bit systems
        $key = "Software\Wow6432Node\McAfee\AVEngine"
        $type = [Microsoft.Win32.RegistryHive]::LocalMachine
        # Open the registry on the remote machine and read out the TOE related registry values
        $regkey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($type, $computername)
        $regkey = $regkey.OpenSubKey($key)
        $status = $regkey.GetValue("AVDatVersion")
        $datdate = $regkey.GetValue("AVDatDate")
    }
    catch {
        # Neither key could be read (key missing, host unreachable or access denied)
        $status = "Cannot read regkey"
    }
}
# Emit one object per computer so the result can be piped or exported
New-Object PSObject -Property @{
    Computername = $computername
    DATVersion = $status
    DatDate = $datdate
} | Select-Object Computername, DatVersion, DatDate
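
The script's output object can be turned into an alert state before it is handed to the monitoring tool. The following is an added example, not part of the original script: the function name Get-DatFreshness, the thresholds and the 0/1/2/3 exit codes are assumptions, as is the yyyy/MM/dd format of AVDatDate.

```powershell
# Added example: classify DAT age for a monitoring check.
# Assumptions: AVDatDate is a string in yyyy/MM/dd form; the thresholds and
# the 0/1/2/3 (OK/WARNING/CRITICAL/UNKNOWN) exit codes are illustrative.
function Get-DatFreshness {
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$AVStatus,
        [int]$WarningDays = 3,
        [int]$CriticalDays = 7,
        [datetime]$Now = (Get-Date)
    )
    process {
        # Default to UNKNOWN so an unreadable key never looks healthy
        $state = 'UNKNOWN'; $code = 3; $age = $null
        $parsed = [datetime]::MinValue
        # A null or missing DatDate becomes an empty string and fails the parse
        $ok = [datetime]::TryParseExact(
            [string]$AVStatus.DatDate, 'yyyy/MM/dd',
            [System.Globalization.CultureInfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::None,
            [ref]$parsed)
        if ($ok) {
            $age = [int]($Now.Date - $parsed.Date).TotalDays
            if     ($age -ge $CriticalDays) { $state = 'CRITICAL'; $code = 2 }
            elseif ($age -ge $WarningDays)  { $state = 'WARNING';  $code = 1 }
            else                            { $state = 'OK';       $code = 0 }
        }
        [pscustomobject]@{
            Computername = $AVStatus.Computername
            DATVersion   = $AVStatus.DATVersion
            DatDate      = $AVStatus.DatDate
            AgeDays      = $age
            State        = $state
            ExitCode     = $code
        }
    }
}

# Constructed sample input shaped like the object Get-AVStatus.ps1 emits
$sample = [pscustomobject]@{
    Computername = 'HOST01'; DATVersion = '8660.0000'; DatDate = '2017/09/18'
}
$result = $sample | Get-DatFreshness -Now ([datetime]'2017-09-21')
'{0} - {1} DAT {2} is {3} day(s) old' -f `
    $result.State, $result.Computername, $result.DATVersion, $result.AgeDays
```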
