none
Script to check Symantec Antivirus status

    Question

  • Hello:

    I have the follwoing VB script that checks antivirus staus and puts in in a excel spreadsheet - for some reason it does not work in windows Server 2008 machines.  This maybe due to the WMI objects not being correct.  Would someone please take a look and see if they find something wrong with it?  Also, is there a powershell script that would do this job?  Thank you in advance!

    Walid

    ***********************************************************************************************************************************

    On Error Resume Next

     

    Const ForReading = 1

    Const HKEY_LOCAL_MACHINE = &H80000002

    x = 2

     

    'Create an Excel Work Sheet

     

    Set objExcel = CreateObject("Excel.Application")

    objExcel.Visible = True

    objExcel.Workbooks.Add

     

    objExcel.Cells(1, 1).Value = "Machine Name"

    objExcel.Cells(1, 2).Value = "Parent Server"

    objExcel.Cells(1, 3).Value = "SAV Version"

    objExcel.Cells(1, 4).Value = "Virus Definition"

    objExcel.Cells(1, 5).Value = "Rev Number"

    objExcel.Cells(1, 6).Value = "Status"

    objExcel.Cells(1, 7).Value = "Report Time Stamp"

     

    objExcel.Range("A1:G1").Select

    objExcel.Selection.Interior.ColorIndex = 19

    objExcel.Selection.Font.ColorIndex = 11

    objExcel.Selection.Font.Bold = True

    objExcel.Cells.EntireColumn.AutoFit

     

     

    'Read machine names from a txt file

     

    Set Fso = CreateObject("Scripting.FileSystemObject")

    Set InputFile = fso.OpenTextFile("MachineList.Txt")

    Do While Not (InputFile.atEndOfStream)

    strComputer = InputFile.ReadLine

     

    intRow = x

     

    objExcel.Cells(intRow, 1).Value = strComputer

     

    GetRegInfo

     

    GetDefInfo

     

    objExcel.Cells(intRow, 7).Value = Now()

     

    set strValue = Nothing

    set dwValue = Nothing

    set strSavVersion = Nothing

    set objFSO = Nothing

    Set objFile = Nothing

    Set dtDefDate = Nothing

    Set strRevNumber= Nothing

     

    x = x + 1

     

    Loop

     

    Wscript.Echo "Done"

     

    '*********************************************************************************************************

    'Get information from Registry

     

    Sub GetRegInfo

     

    Set oReg=GetObject( _

       "winmgmts:{impersonationLevel=impersonate}!\\" &_

        strComputer & "\root\default:StdRegProv")

    strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion"

    strParent = "Parent"

    strProversion = "ProductVersion"

     

    oReg.GetStringValue _

       HKEY_LOCAL_MACHINE,strKeyPath,strParent,strValue

     

    objExcel.Cells(intRow, 2).Value = strValue

     

    oReg.GetDWORDValue _

       HKEY_LOCAL_MACHINE,strKeyPath,strProversion,dwValue

     

    Select Case dwValue

     

    Case 328336375

    strSavVersion ="10.1.5.5010"

     

    Case 23528424

    strSavVersion = "10.0.0.359"

     

    Case 65537001

    strSavVersion = "10.0.1.1000"

     

    Case 65995753

    strSavVersion = "10.0.1.1007"

     

    Case 66061289

    strSavVersion = "10.0.1.1008"

     

    Case 131073002

    strSavVersion = "10.0.2.2000"

     

    Case 131138538

    strSavVersion = "10.0.2.2001"

     

    Case 131728362

    strSavVersion = "10.0.2.2010"

     

    Case 132383722

    strSavVersion = "10.0.2.2020"

     

    Case 132449258

    strSavVersion = "10.0.2.2021"

     

    Case 25822194

    stSavVersion = "10.1.0.394"

     

    Case 25953266

    strSavVersion = "10.1.0.396"

     

    Case 26215410

    strSavVersion = "10.1.0.400"

     

    Case 26280946

    strSavVersion = "10.1.0.401"

     

    Case 65536905

    strSavVersion = "9.0.5.1000"

     

    Case 72090503

    strSavVersion = "9.0.3.1100"

     

    Case 65536903

    strSavVersion = "9.0.3.1000"

     

    Case 65536902

    strSavVersion = "9.0.2.1000"

     

    Case 65536901

    strSavVersion = "9.0.1.1000"

     

    Case 22152068

    StrSavversion = "9.0.0.338"

     

    Case 21562155

    strSavVersion = "8.1.1.329"

     

    Case 21168939

    strSavVersion = "8.1.1.323"

     

    Case 20906795

    strSavVersion = "8.1.1.319"

     

    Case 20579115

    strSavVersion = "8.1.1.314"

     

    Case 54068001

    strSavVersion = "8.1.0.825"

     

    Case 29950753

    strSavVersion = "8.0.1.457"

     

    Case 614597408

    strSavVersion = "8.0.0.9378"

     

    Case 614335264

    strSavVersion = "8.0.0.9374"

     

    Case 29229856

    strSavVersion = "8.0.0.446"

     

    Case 28640032

    strSavVersion = "8.0.0.437"

     

    Case 28443424

    strSavVersion = "8.0.0.434"

     

    Case 28115744

    strSavVersion = "8.0.0.429"

     

    Case 27853600

    strSavVersion = "8.0.0.425"

     

    Case 85197700

    strSavVersion = "7.60.926"

     

    Case 61997817

    strSavVersion = "7.6.1.946"

     

    Case 61473529

    strSavVersion = "7.6.1.938"

     

    Case 60949241

    strSavVersion = "7.6.1.930"

     

    Case 60687096

    strSavVersion = "7.6.1.926"

     

    Case 55509743

    strSavVersion = "7.5.1.847"

     

    Case 48366268

    strSavVersion = "7.0.0"

     

    End Select

     

    objExcel.Cells(intRow, 3).Value = strSavVersion

     

    End Sub

     

    '*******************************************************************************************************************

    'Get Virus definition from definfo.dat.

     

    Sub GetDefInfo

     

    Set objFSO = CreateObject("Scripting.FileSystemObject")

    Set objFile = objFSO.GetFile("\\" & strComputer & _

      "\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat")

     

    If objFSO.FileExists(objFile) Then

    Set objDatFile = objFSO.OpenTextFile(objFile, 1)

    Do Until objDatFile.AtEndOfStream

    strLine = objDatFile.Readline

    intCurDefs = InStr(strLine , "CurDefs")

       If intCurDefs > 0 Then

       strCurDefs = strLine

       strDateDefs = Mid(strCurDefs, 9, 8)

     

       dtYear = Left(strDateDefs, 4)

       dtMonth = Mid(strDateDefs, 5, 2)

       dtDay = Right(strDateDefs, 2)

       DateVirDefs = dtMonth & "/" & dtDay & "/" & dtYear

       dtDefDate = CDate(DatevirDefs)

     

       objExcel.Cells(intRow, 4).Value = dtDefDate

     

     If (date - dtDefDate) = 1 Then

     objExcel.Cells(intRow, 6).Value = "OK"

     Else

     objExcel.Cells(intRow, 6).Value = "Need Attention!"

     End If

     

       strRevNumber = Right(strCurDefs, 3)

       objExcel.Cells(intRow, 5).Value = strRevNumber

        

       End If

       Loop

       objDatFile.Close

     

    Else

    objExcel.Cells(intRow, 4).Value = "The file definfo.dat does not exist"

     

    End If

     

    End Sub


    Thursday, October 22, 2009 5:23 PM

Answers

  • First, I'd go on a Server 2008 box to make sure that registry directory is still valid.
    • Marked as answer by WalidG Thursday, October 22, 2009 7:19 PM
    Thursday, October 22, 2009 5:38 PM
    Moderator

All replies

  • First, I'd go on a Server 2008 box to make sure that registry directory is still valid.
    • Marked as answer by WalidG Thursday, October 22, 2009 7:19 PM
    Thursday, October 22, 2009 5:38 PM
    Moderator
  • This should also be possible in PowerShell.  If I had the time, I'd try this out completely just to compare the size of the script...
    Thursday, October 22, 2009 8:16 PM
    Moderator
  • Hi,

    Regarding converting VBScript to Powershell, please refer to the following guide:

    The VBScript-to-Windows PowerShell Conversion Guide
    http://www.microsoft.com/technet/scriptcenter/topics/winpsh/convert/default.mspx

    If you have difficulty to customize the script, I suggest that you initial a new post in The Official Scripting Guys Forum! to get further support there. They are the best resource for scripting related problems.

    The Official Scripting Guys Forum!
    http://social.technet.microsoft.com/Forums/en-US/ITCG/threads

    Thanks.

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, October 23, 2009 3:23 AM
    Moderator
  • Marco -

    Thank you very much for your reply - actually, the 2008 boxes on which the script was failing was the 64bit OS - and that registry key was not valid since it was running the 32bit version of the Symantec AV on a 64 bit OS.  So, the registry key was actually under the wow64node.

    I would love to learn how to do this stuff in powershell!

    Walid
    Friday, October 23, 2009 4:20 AM
  • Thank you, Mervyn.  I actually did post this in the Scripting Guys Forum - hopefully someone already has created a powershell script for this.

    Friday, October 23, 2009 4:21 AM
  • Hi Walid,

    Thank you for your update. If you have other questions in the future, you’re welcomed to our forum.

    Thanks. 

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, October 26, 2009 7:25 AM
    Moderator
  • The environment has windows 2008/2003 and 2000 servers and locations of definfo.dat are not the same. How to fit in that criteria in the above vbscript?
    Tuesday, August 17, 2010 6:52 AM