I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line.
I thought I’d share my experience with you.
Why is it useful to be able to update an Antivirus from the command line?
Because it lets you control the schedule of this process.
For instance you can decide that you want to try to update each time the computer is booted. Or when a user logs in. Or when the computer has been idling for a certain amount of time. Or even at fixed moments.
It can also be a very nice thing to be able to do that when the normal/automated update does not work. And this was my primary reason for developing this utility: Some of the users I had to support were not connecting often enough to their corporate intranet. And their “anti-virus update servers” are on said intranet. The IT/Security team for their corporate IT/network had specified to use McAfee’s public update servers at the end of the list of update servers, but for some reason, it was not working as expected. Since I was in a hurry and could not spend too much time debugging McAfee’s product, I decided to create a simple script and to make sure it was launched often enough.
I came across several sources on the web, but the one that was really helpful was:
https://community.mcafee.c
So I created a script that should be usable on most of the Windows systems that use McAfee virusscan. You need wget for this to work:
http://gnuwin32.sourceforg
Wget is used to get the SuperDAT utility that McAfee provides for free on its update servers. SuperDAT is a single .exe file, which can run silently and which updates McAfee’s antivirus systems (virus definitions AND engines).
I thought I’d share my experience with you.
Why is it useful to be able to update an Antivirus from the command line?
Because it lets you control the schedule of this process.
For instance you can decide that you want to try to update each time the computer is booted. Or when a user logs in. Or when the computer has been idling for a certain amount of time. Or even at fixed moments.
It can also be a very nice thing to be able to do that when the normal/automated update does not work. And this was my primary reason for developing this utility: Some of the users I had to support were not connecting often enough to their corporate intranet. And their “anti-virus update servers” are on said intranet. The IT/Security team for their corporate IT/network had specified to use McAfee’s public update servers at the end of the list of update servers, but for some reason, it was not working as expected. Since I was in a hurry and could not spend too much time debugging McAfee’s product, I decided to create a simple script and to make sure it was launched often enough.
I came across several sources on the web, but the one that was really helpful was:
https://community.mcafee.c
So I created a script that should be usable on most of the Windows systems that use McAfee virusscan. You need wget for this to work:
http://gnuwin32.sourceforg
Wget is used to get the SuperDAT utility that McAfee provides for free on its update servers. SuperDAT is a single .exe file, which can run silently and which updates McAfee’s antivirus systems (virus definitions AND engines).
As you can see, this script is very simple. Even too simple: It will download SuperDAT even if the current virus signature is already installed on the computer running the script.
So I decided that it was better to check for the current version level of the virus signature (that McAfee calls DAT files) and to compare it with the “newer” one that McAfee provides on its site.
Retrieving the current version level of the DAT file is quite easy, with some registry mining.
In my case (VirusScan 8.7 I think), this is the binary value stored here:
HKLM\SOFTWARE\McAfee\AVEng
Note that this may not be the actual value for YOUR version of VirusScan…
This is a DWord value that reg.exe will display as some Hexadecimal number. But I had to compare it to a decimal value and both are in environment variables, which are character strings. At first, I created a VB script on the fly (using echo commands) that I then invoked, just to be able to convert an hex to a decimal value. I’ll let you have it if you want that, but it’s a little too complex for this simple task. Which can be done a simpler way: Then, I remembered that you can use SET /A MyEnvVar = 0xFFFF (for instance) and that this will store the decimal equivalent of 0xFFFF in the environment variable “MyEnvVar”. So this is what I did. And now, I have a smarter command line script that I can use to fetch the latest and greatest McAfee’s SuperDAT utility only if you can actually update (and never if you are already up to date), and to run this utility silently.
Here is the latest version of the script I deployed:
If you found this article useful, please remember to click the "Yes" button.