#comments-start
Title: SEPC Status Utility (Public)
Version: 2.5.3
Author: John Lamb (john@jmlamb.net)
AutoIt Version: 3.3.6.1
Description:
Script to perform a health check on a Windows computer running the Symantec Endpoint Protection 11.0 client.
#comments-end
; Require elevated administrator rights on Vista, Win7 and 2008 with UAC enabled.
#RequireAdmin
; ######################################################################
; Determine if OS is supported.
; ######################################################################
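; Check if logged on user has local administrator rights.
; #RequireAdmin above handles the UAC elevation prompt; this is the fallback
; for accounts that are not members of the local Administrators group at all.
; Every registry key inspected below lives under HKEY_LOCAL_MACHINE, so a
; non-admin run would only produce "Unable to access" lines.
If Not IsAdmin() Then
    ; Fixed misspelling ("privleged") in the user-facing message.
    MsgBox(16, "Insufficient Access", "The current logged on account (" & @LogonDomain & "\" & @UserName & ") does not have local administrator rights on this computer. Please logon with an administrator privileged account.")
    Exit
EndIf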
; ######################################################################
; Include supporting files.
#include <file.au3>
#include <Array.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <ButtonConstants.au3>
#include <ComboConstants.au3>
#include <EditConstants.au3>
#include <StaticConstants.au3>
#include <ProgressConstants.au3>
#include <INet.au3>
; ######################################################################
; Set AutoIt variables.
Opt("MustDeclareVars", 1)    ; every variable must be declared Global/Local before use
Opt("GUIOnEventMode", 1)     ; controls fire the handlers named in GUICtrlSetOnEvent
Opt("GUICloseOnESC", 0)      ; ESC must not close the window mid-run
Opt("TrayIconHide", 0)       ; keep the tray icon visible
Opt("TrayMenuMode", 1)       ; no default tray menu items
; ######################################################################
; Set script variables.
Global $strScript = "SEPC Status Utility"
; Version shown in the About box; keep in step with the header comment.
Global $verMajor = "2"
Global $verMinor = "5"
Global $verPatch = "3"
Global $strAuthor = "John Lamb"
Global $strEmail = "john@jmlamb.net"
; Log and configuration file live next to the executable, not in the user profile.
Global $LogFile = @ScriptDir & "\SEPCStatusUtil.log"
Global $CfgFile = @ScriptDir & "\config.ini"
; ######################################################################
; Check if temp script folder exists and create if not.
; Uncompress script related files to logged on user's TEMP folder.
; The icon and images are compiled into the executable (FileInstall needs a
; literal source path) and unpacked on every run with overwrite (flag 1);
; ExitButton removes the folder again.
If Not FileExists(@TempDir & "\SEPC Status Utility\") Then DirCreate(@TempDir & "\SEPC Status Utility")
FileInstall(".\sep_shield.ico", @TempDir & "\SEPC Status Utility\", 1)
FileInstall(".\symc_logo.jpg", @TempDir & "\SEPC Status Utility\", 1)
FileInstall(".\separator.bmp", @TempDir & "\SEPC Status Utility\", 1)
; ######################################################################
; Check for configuration file.
; The management-server settings below are read from $CfgFile, so stop now
; rather than fail later with a less obvious error.
If Not FileExists($CfgFile) Then
    MsgBox(16, "Error", "The configuration file was not found. Please make sure its located in " & @ScriptDir & " and restart the utility.")
    Exit
EndIf
; ######################################################################
; Rename log file if it exists.
; One dated copy per day: the overwrite flag (1) replaces an earlier
; same-day rename.
If FileExists($LogFile) Then FileMove($LogFile, @ScriptDir & "\SEPCStatusUtil_" & @YEAR & @MON & @MDAY & ".log", 1)
; ######################################################################
; Store SEPM server and IIS port into variables.
; Both come from the [Management Server] section of config.ini.  A missing
; value is reported but does not stop the run.
; NOTE(review): these values are presumably consumed by later steps that are
; not in this part of the file (INet.au3 is included) - confirm they are
; validated there before being used to reach the server.
Global $MgmtSrv = IniRead($CfgFile, "Management Server", "SEPM", "Not Found")
If $MgmtSrv = "Not Found" Then MsgBox(16, "Error", "There was an error accessing the configuration file or reading the 'Management Server' section.")
Global $IISPort = IniRead($CfgFile, "Management Server", "IISPort", "Not Found")
If $IISPort = "Not Found" Then MsgBox(16, "Error", "There was an error accessing the configuration file or reading the 'Management Server' section.")
; ######################################################################
; Build the window and run its message loop; nothing after this line runs
; until CreateGUI returns.
CreateGUI()
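; Create GUI.
;
; Builds the main window (menus, logo, status label, progress bar, buttons),
; wires the event handlers, shows the disclaimer and then parks in the
; message loop.  The window is event driven (GUIOnEventMode = 1), so the
; handlers named below - StartButton, ExitButton, CloseButton, AboutButton,
; DisclaimerButton - do all the work.
;
; Globals created here and used by the check functions:
;   $StartLabel, $ProgressBar, $Start, $Cancel, $Close
Func CreateGUI()
    ; Keep the window handle: previously GUICreate's result was discarded and
    ; an unassigned local was passed to GUISetState as the window handle.
    Local $hGui = GUICreate("SEP Helper Suite", 300, 185, -1, -1, BitOR($WS_CAPTION, $WS_SYSMENU))
    GUISetIcon(@TempDir & "\SEPC Status Utility\sep_shield.ico")
    GUISetBkColor(0xFFFFFF)
    GUISetState(@SW_SHOW, $hGui)
    GUISetOnEvent($GUI_EVENT_CLOSE, "ExitButton")
    TraySetIcon(@TempDir & "\SEPC Status Utility\sep_shield.ico")

    ; File menu.
    Local $menuFile = GUICtrlCreateMenu("&File")
    GUICtrlCreateMenuItem("Exit", $menuFile, 0)
    GUICtrlSetOnEvent(-1, "ExitButton")

    ; Help menu.
    Local $menuHelp = GUICtrlCreateMenu("&Help")
    GUICtrlCreateMenuItem("About", $menuHelp, 0)
    GUICtrlSetOnEvent(-1, "AboutButton")
    GUICtrlCreateMenuItem("", $menuHelp, 1)            ; separator
    GUICtrlCreateMenuItem("Disclaimer", $menuHelp, 2)
    GUICtrlSetOnEvent(-1, "DisclaimerButton")

    ; Symantec logo.
    GUICtrlCreatePic(@TempDir & "\SEPC Status Utility\symc_logo.jpg", 10, 5, 0, 0)

    ; Script name information.
    GUICtrlCreateLabel($strScript, 155, 15, 210, 30)
    GUICtrlSetFont(-1, 10, "600", "", "Arial")

    ; Separator line.
    GUICtrlCreatePic(@TempDir & "\SEPC Status Utility\separator.bmp", 0, 46, 300, 2)

    ; Progress bar.  Each check function hides the previous status label,
    ; creates its own at the same position and bumps $ProgressBar.
    Global $StartLabel = GUICtrlCreateLabel("Click Start to begin...", 25, 65, 155, 20)
    GUICtrlSetFont(-1, 9, "", "", "Arial")
    Global $ProgressBar = GUICtrlCreateProgress(25, 85, 250, 20, $PBS_SMOOTH)

    ; Separator line.
    GUICtrlCreatePic(@TempDir & "\SEPC Status Utility\separator.bmp", 0, 120, 300, 2)

    ; Start, Cancel and Close buttons.  Close starts hidden; presumably the end
    ; of the check chain shows it (CloseButton is not in this part of the file).
    Global $Start = GUICtrlCreateButton("Start", 135, 130, 75, 25, $BS_CENTER)
    GUICtrlSetFont(-1, 10, "600", "", "")
    GUICtrlSetOnEvent($Start, "StartButton")
    GUICtrlSetState(-1, $GUI_SHOW)
    Global $Cancel = GUICtrlCreateButton("Cancel", 215, 130, 75, 25, $BS_CENTER)
    GUICtrlSetFont(-1, 10, "600", "", "")
    GUICtrlSetOnEvent($Cancel, "ExitButton")
    GUICtrlSetState(-1, $GUI_SHOW)
    Global $Close = GUICtrlCreateButton("Close", 10, 130, 280, 25, $BS_CENTER)
    GUICtrlSetFont(-1, 10, "600", "", "")
    GUICtrlSetState(-1, $GUI_HIDE)
    GUICtrlSetOnEvent(-1, "CloseButton")

    Call("DisclaimerButton")

    ; In OnEvent mode GUIGetMsg() only idles and does not report
    ; $GUI_EVENT_CLOSE (ExitButton handles the close box), so in practice the
    ; loop never exits; the cleanup below mirrors ExitButton for the case
    ; where the mode is ever changed.
    Local $msg
    While 1
        $msg = GUIGetMsg()
        If $msg = $GUI_EVENT_CLOSE Then ExitLoop
    WEnd
    GUIDelete()
    DirRemove(@TempDir & "\SEPC Status Utility", 1)
EndFunc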
; ######################################################################
; Show message about the script when the About submenu is clicked.
; The version is assembled from $verMajor/$verMinor/$verPatch.
Func AboutButton()
    Local $sVersion = "v" & $verMajor & "." & $verMinor & "." & $verPatch
    Local $sText = "Welcome to the " & $strScript & " (" & $sVersion & ")"
    $sText &= @CR & @CR & "This utility will inspect the health of the SEP client installed on this computer to determine if there are any issues."
    MsgBox(0, $strScript, $sText)
EndFunc
; ######################################################################
; Show disclaimer message when the Disclaimer submenu is clicked.
; Also shown once at start-up by CreateGUI.  The three paragraphs are joined
; with blank lines.
Func DisclaimerButton()
    Local $sSupport = "THIS UTILITY IS NOT ENDORSED OR SUPPORTED BY SYMANTEC TECHNICAL SUPPORT. IF YOU REQUIRE ASSISTANCE PLEASE CONTACT THE AUTHOR AT JOHN@JMLAMB.NET."
    Local $sWarranty = "THIS UTILITY IS PROVIDED AS-IS WITHOUT WARRANTY OF ANY KIND. THE AUTHOR EXPRESSLY DISCLAIM ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE AUTHOR SHALL HAVE NEITHER LIABILITY NOR RESPONSIBILITY TO ANY PERSON OR ENTITY WITH RESPECT TO ANY LOSS OR DAMAGES ARISING FROM THE USE OF THIS UTILITY."
    Local $sTrademark = "ALL REFERENCES MADE TO 'SYMANTEC', 'SYMANTEC ENDPOINT PROTECTION' AND 'SEP' ARE REGISTERED TRADEMARKS OF SYMANTEC CORPORATION."
    MsgBox(0, "Disclaimer", $sSupport & @CR & @CR & $sWarranty & @CR & @CR & $sTrademark)
EndFunc
; ######################################################################
; Grey out Start and Cancel buttons, and start script.
; Both buttons stay disabled for the rest of the run so a second click cannot
; start a parallel chain of checks; the chain begins with GetOSVer.
Func StartButton()
    GUICtrlSetState($Cancel, $GUI_DISABLE)
    GUICtrlSetState($Start, $GUI_DISABLE)
    Call("GetOSVer")
EndFunc
; ######################################################################
; Terminate script when the Exit submenu or Cancel button is clicked.
; Also the handler for the window's close box (see CreateGUI).  The window is
; destroyed before the temp folder is removed, presumably so the icon files
; extracted there are released first - keep this order.
Func ExitButton()
GUIDelete()
DirRemove(@TempDir & "\SEPC Status Utility", 1)
Exit
EndFunc
; ######################################################################
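; Operating system and service pack version.
;
; Maps @OSVersion to a display name in Global $strOSVer (GetPTPDefs and
; GetIPSDefs test it to tell workstation from server editions), logs it with
; service pack and architecture, moves the progress bar to 3 and chains to
; GetSEPVer.
Func GetOSVer()
    Global $strOSVer
    Switch @OSVersion
        Case "WIN_2000"
            $strOSVer = "Windows 2000 Professional"
        Case "WIN_XP"
            $strOSVer = "Windows XP Professional"
        Case "WIN_XPe"
            ; Unreachable while the start-up OS check rejects XP Embedded;
            ; kept so the mapping stays complete.
            $strOSVer = "Windows XP Embedded"
        Case "WIN_VISTA"
            $strOSVer = "Windows Vista"
        Case "WIN_7"
            $strOSVer = "Windows 7"
        Case "WIN_2003"
            $strOSVer = "Windows Server 2003"
        Case "WIN_2008"
            $strOSVer = "Windows Server 2008"
        Case "WIN_2008R2"
            $strOSVer = "Windows Server 2008 R2"
        Case Else
            ; Previously $strOSVer was left undeclared here, which is a fatal
            ; error under MustDeclareVars at the log line below.
            $strOSVer = @OSVersion
    EndSwitch
    GUICtrlSetState($StartLabel, $GUI_HIDE)
    Global $OSVerLabel = GUICtrlCreateLabel("Retrieving Operating System version...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    GUICtrlSetData($ProgressBar, 3)
    Local $Step = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Operating system is... " & $strOSVer & " " & @OSServicePack & " " & @OSArch
    Call("Report", $Step)
    Sleep(1000)
    Call("GetSEPVer")
EndFunc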
; ######################################################################
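; Version of SEP installed.
;
; Reads ProductVersion from the SMC key into Global $strSEPVer (GetGroup
; compares against it), then the MSI InstallDate of the matching ProductCode,
; and logs both.  A failed version read is logged and also invokes Error().
; Progress -> 6, then GetSEPPath.
;
; NOTE(review): on X64 the version is read through the Wow6432Node view while
; ProductCode/InstallDate are read through the native view
; (HKEY_LOCAL_MACHINE64), exactly as before; whether both views are populated
; depends on the SEP 11 x64 installer - confirm on a test host.
Func GetSEPVer()
    GUICtrlSetState($OSVerLabel, $GUI_HIDE)
    Global $SEPVerLabel = GUICtrlCreateLabel("Retrieving SEP client version...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    ; The registry roots differ per architecture; select them once instead of
    ; duplicating the whole read/parse/log sequence per branch.
    Local $sVerKey = "", $sCodeKey = "", $sUninstRoot = ""
    Switch @OSArch
        Case "X86"
            $sVerKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
            $sCodeKey = $sVerKey
            $sUninstRoot = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
        Case "X64"
            $sVerKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC"
            $sCodeKey = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
            $sUninstRoot = "HKEY_LOCAL_MACHINE64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
    EndSwitch

    ; An unrecognised @OSArch leaves the key empty; RegRead then fails and is
    ; reported like any other unreadable key instead of leaving $strSEPVer
    ; undeclared for GetGroup.
    Global $strSEPVer = RegRead($sVerKey, "ProductVersion")
    Local $iErr = @error
    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking client version... "
    Local $Step
    If $iErr Then
        $Step = $sPrefix & "Unable to access 'ProductVersion' registry key/value."
        Call("Report", $Step)
        Call("Error")
    Else
        Local $strSepProdCode = RegRead($sCodeKey, "ProductCode")
        Local $strSepInstDate = RegRead($sUninstRoot & $strSepProdCode, "InstallDate")
        Local $iDateErr = @error
        ; InstallDate is YYYYMMDD and is shown as MM/DD/YYYY.  Anything else -
        ; including a failed read, which used to be sliced into an empty "//"
        ; date - is reported as-is or as unknown.
        Local $installed = "unknown"
        If $iDateErr = 0 And StringLen($strSepInstDate) = 8 Then
            $installed = StringMid($strSepInstDate, 5, 2) & "/" & StringMid($strSepInstDate, 7, 2) & "/" & StringMid($strSepInstDate, 1, 4)
        ElseIf $iDateErr = 0 Then
            $installed = $strSepInstDate
        EndIf
        $Step = $sPrefix & $strSEPVer & " (Installed: " & $installed & ")"
        Call("Report", $Step)
    EndIf
    GUICtrlSetData($ProgressBar, 6)
    Sleep(1000)
    Call("GetSEPPath")
EndFunc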
; ######################################################################
; Location where SEP client is installed.
;
; Stores the 'SAV Install Directory' value in Global $strSEPPath (x64 reads
; the Wow6432Node view) and logs it; a failed read is logged and also invokes
; Error().  Progress -> 9, then GetPol.
Func GetSEPPath()
    GUICtrlSetState($SEPVerLabel, $GUI_HIDE)
    Global $SEPPathLabel = GUICtrlCreateLabel("Retrieving SEP client install path...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sKey = ""
    If @OSArch = "X86" Then
        $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps"
    ElseIf @OSArch = "X64" Then
        $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\InstalledApps"
    EndIf

    ; Nothing is read or logged for an architecture other than X86/X64.
    If $sKey <> "" Then
        Global $strSEPPath = RegRead($sKey, "SAV Install Directory")
        Local $iErr = @error
        Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking install path... "
        Local $Step
        If $iErr = 1 Or $iErr = -1 Then
            $Step = $sPrefix & "Unable to access 'SAV Install Directory' registry key/value."
            Call("Report", $Step)
            Call("Error")
        Else
            $Step = $sPrefix & $strSEPPath
            Call("Report", $Step)
        EndIf
    EndIf
    GUICtrlSetData($ProgressBar, 9)
    Sleep(1000)
    Call("GetPol")
EndFunc
; ######################################################################
; Get policy number in use.
;
; Logs the SerialNumber value under SMC\SYLINK\SyLink (native 64-bit view on
; x64).  Progress -> 12, then GetAVDefs.
Func GetPol()
    GUICtrlSetState($SEPPathLabel, $GUI_HIDE)
    Global $PolNumLabel = GUICtrlCreateLabel("Retrieving applied policy serial number...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    ; Only the hive prefix differs between architectures.
    Local $sHive = ""
    If @OSArch = "X86" Then
        $sHive = "HKEY_LOCAL_MACHINE"
    ElseIf @OSArch = "X64" Then
        $sHive = "HKEY_LOCAL_MACHINE64"
    EndIf

    ; Nothing is read or logged for an architecture other than X86/X64.
    If $sHive <> "" Then
        Local $strPol = RegRead($sHive & "\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink", "SerialNumber")
        Local $iErr = @error
        Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking policy serial number... "
        Local $Step
        If $iErr = 1 Or $iErr = -1 Then
            $Step = $sPrefix & "Unable to access 'SerialNumber' registry key/value."
        Else
            $Step = $sPrefix & $strPol
        EndIf
        Call("Report", $Step)
    EndIf
    GUICtrlSetData($ProgressBar, 12)
    Sleep(1000)
    Call("GetAVDefs")
EndFunc
; ######################################################################
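; Loaded AV definitions.
;
; DEFWATCH_10 holds the full path of the virus-definition folder in use; the
; last path component is the definition revision that gets logged.
; Progress -> 15, then GetPTPDefs.
Func GetAVDefs()
    GUICtrlSetState($PolNumLabel, $GUI_HIDE)
    Global $AVDefsLabel = GUICtrlCreateLabel("Retrieving loaded Antivirus definitions...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs"
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SharedDefs"
    EndSwitch
    ; Read and capture @error together.  An unrecognised @OSArch leaves $sKey
    ; empty and is reported as an unreadable key, instead of testing a stale
    ; @error and reaching the parse below with $strAVDefs undeclared.
    Local $strAVDefs = RegRead($sKey, "DEFWATCH_10")
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking AV definitions... "
    Local $Step
    If $iErr = 1 Then
        $Step = $sPrefix & "Unable to access 'DEFWATCH_10' registry key."
    ElseIf $iErr = -1 Then
        $Step = $sPrefix & "Definitions do not appear to be present or 'DEFWATCH_10' registry value is missing. Please run LiveUpdate to correct."
    ElseIf $iErr Then
        $Step = $sPrefix & "Unable to read 'DEFWATCH_10' (RegRead error " & $iErr & ")."
    Else
        ; Use the last path component rather than a fixed index: with a
        ; non-default install path (fewer folders) the old [6] subscript
        ; aborted the whole script with an array-bounds error.
        Local $aParts = StringSplit($strAVDefs, "\")
        Local $sDefs = $aParts[$aParts[0]]
        If $sDefs = "" Then $sDefs = $strAVDefs
        $Step = $sPrefix & $sDefs & " loaded"
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 15)
    Sleep(1000)
    Call("GetPTPDefs")
EndFunc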
; ######################################################################
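; Loaded PTP definitions.
;
; Reads CurrentSequenceNum for the two Proactive Threat Protection content
; GUIDs ("A1" and "B1"; the GUIDs differ per architecture) and logs each.  On
; x64 a missing value on a server OS is reported as the PTP component not
; being installed rather than as a LiveUpdate problem, as before.
; Progress -> 18, then GetSyKnAppsDefs.
;
; Fix: the x86 A1 error messages were labelled "PTP B1"; both checks now log
; under their own name.
Func GetPTPDefs()
    GUICtrlSetState($AVDefsLabel, $GUI_HIDE)
    Global $PTPDefsLabel = GUICtrlCreateLabel("Retrieving loaded Proactive Threat Protection definitions...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sRoot = "", $aGuid[2] = ["", ""], $bGateOnOS = False
    Switch @OSArch
        Case "X86"
            $sRoot = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\"
            $aGuid[0] = "{812CD25E-1049-4086-9DDD-A4FAE649FBDF}"
            $aGuid[1] = "{E5A3EBEE-D580-421e-86DF-54C0B3739522}"
        Case "X64"
            $sRoot = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\"
            $aGuid[0] = "{E1A6B4FF-6873-4200-B6F6-04C13BF38CF3}"
            $aGuid[1] = "{CC40C428-1830-44ef-B8B2-920A0B761793}"
            ; Only the workstation editions are expected to carry PTP on x64.
            $bGateOnOS = True
    EndSwitch

    Local $aName[2] = ["A1", "B1"]
    Local $i, $sSeq, $iErr, $sPrefix, $Step, $bWorkstation
    For $i = 0 To 1
        $sSeq = RegRead($sRoot & $aGuid[$i], "CurrentSequenceNum")
        $iErr = @error
        $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking PTP " & $aName[$i] & " definitions... "
        If $iErr = 1 Then
            $Step = $sPrefix & "Unable to access '" & $aGuid[$i] & "' registry key."
        ElseIf $iErr = -1 Then
            $bWorkstation = ($strOSVer = "Windows XP Professional") Or ($strOSVer = "Windows Vista") Or ($strOSVer = "Windows 7")
            If $bGateOnOS And Not $bWorkstation Then
                $Step = $sPrefix & "Installed operating system is " & $strOSVer & ". PTP component is not installed."
            Else
                $Step = $sPrefix & "Definitions do not appear to be present or 'CurrentSequenceNum' registry value is missing. Please run LiveUpdate to correct."
            EndIf
        Else
            $Step = $sPrefix & $sSeq & " loaded"
        EndIf
        Call("Report", $Step)
    Next
    GUICtrlSetData($ProgressBar, 18)
    Sleep(1000)
    Call("GetSyKnAppsDefs")
EndFunc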
; ######################################################################
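; Loaded Known Applications (whitelist) definitions.
;
; Reads CurrentSequenceNum for the SyKnAppS content GUID (same GUID on both
; architectures; native 64-bit view on x64) and logs it.
; Progress -> 21, then GetIPSDefs.
Func GetSyKnAppsDefs()
    GUICtrlSetState($PTPDefsLabel, $GUI_HIDE)
    Global $SyKnAppsDefsLabel = GUICtrlCreateLabel("Retrieving loaded Known Applications definitions...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sGuid = "{C25CEA47-63E5-447b-8D95-C79CAE13FF79}"
    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\" & $sGuid
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\" & $sGuid
    EndSwitch
    ; Read and capture @error together; an unrecognised @OSArch used to skip
    ; the read, test a stale @error and then reference $strSyKnAppsDefs
    ; undeclared (fatal under MustDeclareVars).
    Local $strSyKnAppsDefs = RegRead($sKey, "CurrentSequenceNum")
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking SyKnAppS definitions... "
    Local $Step
    If $iErr = 1 Then
        $Step = $sPrefix & "Unable to access '" & $sGuid & "' registry key."
    ElseIf $iErr = -1 Then
        $Step = $sPrefix & "Definitions do not appear to be present or 'CurrentSequenceNum' registry value is missing. Please run LiveUpdate to correct."
    ElseIf $iErr Then
        $Step = $sPrefix & "Unable to read 'CurrentSequenceNum' (RegRead error " & $iErr & ")."
    Else
        $Step = $sPrefix & $strSyKnAppsDefs & " loaded"
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 21)
    Sleep(1000)
    Call("GetIPSDefs")
EndFunc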
; ######################################################################
; Loaded IPS definitions.
;
; Reads CurrentSequenceNum for the Intrusion Prevention content GUID (a
; different GUID per architecture).  On x64 a missing value on a server OS is
; reported as the NTP component not being installed rather than as a
; LiveUpdate problem.  Progress -> 24, then GetTPMState.
Func GetIPSDefs()
    GUICtrlSetState($SyKnAppsDefsLabel, $GUI_HIDE)
    Global $IPSDefsLabel = GUICtrlCreateLabel("Retrieving loaded Intrusion Prevention definitions...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sRoot = "", $sGuid = "", $bGateOnOS = False
    If @OSArch = "X86" Then
        $sRoot = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\"
        $sGuid = "{D3769926-05B7-4ad1-9DCF-23051EEE78E3}"
    ElseIf @OSArch = "X64" Then
        $sRoot = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\Content\"
        $sGuid = "{42B17E5E-4E9D-4157-88CB-966FB4985928}"
        $bGateOnOS = True
    EndIf

    ; Nothing is read or logged for an architecture other than X86/X64.
    If $sGuid <> "" Then
        Local $strIPSDefs = RegRead($sRoot & $sGuid, "CurrentSequenceNum")
        Local $iErr = @error
        Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking IPS definitions... "
        Local $Step
        If $iErr = 1 Then
            $Step = $sPrefix & "Unable to access '" & $sGuid & "' registry key."
        ElseIf $iErr = -1 Then
            Local $bWorkstation = ($strOSVer = "Windows XP Professional") Or ($strOSVer = "Windows Vista") Or ($strOSVer = "Windows 7")
            If $bGateOnOS And Not $bWorkstation Then
                $Step = $sPrefix & "Installed operating system is " & $strOSVer & ". NTP component is not installed."
            Else
                $Step = $sPrefix & "Definitions do not appear to be present or 'CurrentSequenceNum' registry value is missing. Please run LiveUpdate to correct."
            EndIf
        Else
            $Step = $sPrefix & $strIPSDefs & " loaded"
        EndIf
        Call("Report", $Step)
    EndIf
    GUICtrlSetData($ProgressBar, 24)
    Sleep(1000)
    Call("GetTPMState")
EndFunc
; ######################################################################
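; Third Party Content Management state.
;
; Reads the TPMState value under SMC (native 64-bit view on x64).  The
; meanings logged are the ones the original messages assign: 0 = disabled,
; 1 = enabled, 80 = enabled manually, 81 = enabled manually then by policy;
; a missing value is treated as disabled.  Any other value is now logged
; verbatim instead of producing no line at all.  Progress -> 27, then GetGroup.
Func GetTPMState()
    GUICtrlSetState($IPSDefsLabel, $GUI_HIDE)
    Global $TPMLabel = GUICtrlCreateLabel("Checking Third Party Management state...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
    EndSwitch
    ; Capture @error immediately; an unrecognised @OSArch used to skip the
    ; read and then compare $TPMState undeclared.
    Local $TPMState = RegRead($sKey, "TPMState")
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking Third Party Content Management state... "
    Local $Step
    If $iErr Then
        $Step = $sPrefix & "Disabled"
    ElseIf $TPMState = 0 Then
        $Step = $sPrefix & "Disabled"
    ElseIf $TPMState = 1 Then
        $Step = $sPrefix & "Enabled"
    ElseIf $TPMState = 80 Then
        $Step = $sPrefix & "Enabled manually"
    ElseIf $TPMState = 81 Then
        $Step = $sPrefix & "Enabled manually then by policy"
    Else
        $Step = $sPrefix & "Unexpected 'TPMState' value " & $TPMState
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 27)
    Sleep(1000)
    Call("GetGroup")
EndFunc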
; ######################################################################
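; Client group location.
;
; Logs the SEPM group the client belongs to.  Per the original threshold,
; builds from 11.0.6005.562 on expose CurrentGroup under SMC\SYLINK\SyLink
; while earlier builds have PreferredGroup; the version recorded by GetSEPVer
; picks the value name.  Progress -> 33, then GetLocation.
;
; Fix: the version was compared as text ("11.0.6005.562" >= ...), which only
; orders correctly while every component has the same number of digits - e.g.
; a constructed "11.0.700.1" would sort above "11.0.6005.562".  It is now
; compared component-wise as numbers.
Func GetGroup()
    GUICtrlSetState($TPMLabel, $GUI_HIDE)
    Global $GroupLabel = GUICtrlCreateLabel("Retrieving client group membership...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sValue = "PreferredGroup", $sWhat = "preferred"
    If __SepVersionAtLeast($strSEPVer, "11.0.6005.562") Then
        $sValue = "CurrentGroup"
        $sWhat = "current"
    EndIf

    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink"
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink"
    EndSwitch
    Local $strGroup = RegRead($sKey, $sValue)
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking client's " & $sWhat & " group... "
    Local $Step
    If $iErr = 1 Then
        $Step = $sPrefix & "Unable to access 'SyLink' registry key."
    ElseIf $iErr Then
        ; A missing or unreadable value used to be logged as an empty group name.
        $Step = $sPrefix & "Unable to access '" & $sValue & "' registry value."
    Else
        $Step = $sPrefix & $strGroup
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 33)
    Sleep(1000)
    Call("GetLocation")
EndFunc

; True when dotted version $sHave is at least $sWant, comparing each
; component in turn as a number (Number() semantics: non-numeric text counts
; as 0, missing components count as 0).  Used by GetGroup.
Func __SepVersionAtLeast($sHave, $sWant)
    Local $aHave = StringSplit($sHave, ".")
    Local $aWant = StringSplit($sWant, ".")
    Local $iCount = $aHave[0]
    If $aWant[0] > $iCount Then $iCount = $aWant[0]
    Local $i, $iH, $iW
    For $i = 1 To $iCount
        $iH = 0
        $iW = 0
        If $i <= $aHave[0] Then $iH = Number($aHave[$i])
        If $i <= $aWant[0] Then $iW = Number($aWant[$i])
        If $iH <> $iW Then Return $iH > $iW
    Next
    Return True
EndFunc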
; ######################################################################
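; Client current location.
;
; Logs the CurLocation value under SMC (native 64-bit view on x64).
; Progress -> 36, then GetRTPStatus.
Func GetLocation()
    GUICtrlSetState($GroupLabel, $GUI_HIDE)
    Global $LocationLabel = GUICtrlCreateLabel("Retrieving client current location...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
    EndSwitch
    ; Capture @error immediately; an unrecognised @OSArch used to skip the
    ; read, test a stale @error and then log $strLocation undeclared.
    Local $strLocation = RegRead($sKey, "CurLocation")
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking client's current location... "
    Local $Step
    If $iErr = 1 Then
        $Step = $sPrefix & "Unable to access 'SMC' registry key."
    ElseIf $iErr = -1 Then
        $Step = $sPrefix & "Unable to access 'CurLocation' registry value."
    ElseIf $iErr Then
        $Step = $sPrefix & "Unable to read 'CurLocation' (RegRead error " & $iErr & ")."
    Else
        $Step = $sPrefix & $strLocation
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 36)
    Sleep(1000)
    Call("GetRTPStatus")
EndFunc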
; ######################################################################
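; Real-time scanning status.
;
; ServiceStatus under AV\Storages\Filesystem is the real-time scanning flag
; logged as 0 = Disabled, 1 = Enabled.  A disabled real-time scanner is the
; most important finding this report can make, so an unexpected value is now
; logged verbatim instead of producing no line at all.  x64 reads the
; Wow6432Node view, as before.  Progress -> 39, then GetInetMailStatus.
Func GetRTPStatus()
    GUICtrlSetState($LocationLabel, $GUI_HIDE)
    Global $RTPLabel = GUICtrlCreateLabel("Retrieving Real-Time scanning status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem"
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem"
    EndSwitch
    ; Capture @error immediately; an unrecognised @OSArch used to skip the
    ; read and then compare $strRTP undeclared.
    Local $strRTP = RegRead($sKey, "ServiceStatus")
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking real-time scanning status... "
    Local $Step
    If $iErr Then
        $Step = $sPrefix & "Unable to access 'ServiceStatus' registry key/value."
    ElseIf $strRTP = 0 Then
        $Step = $sPrefix & "Disabled"
    ElseIf $strRTP = 1 Then
        $Step = $sPrefix & "Enabled"
    Else
        $Step = $sPrefix & "Unexpected 'ServiceStatus' value " & $strRTP
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 39)
    Sleep(1000)
    Call("GetInetMailStatus")
EndFunc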
; ######################################################################
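; POP3/SMTP scanning status.
;
; ServiceStatus under AV\Storages\InternetMail, logged as 0 = Disabled,
; 1 = Enabled; any other value is now logged verbatim instead of producing
; no line at all.  x64 reads the Wow6432Node view, as before.
; Progress -> 42, then GetNotesStatus.
Func GetInetMailStatus()
    GUICtrlSetState($RTPLabel, $GUI_HIDE)
    Global $InetMailLabel = GUICtrlCreateLabel("Retrieving POP3/SMTP scanning status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail"
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\InternetMail"
    EndSwitch
    ; Capture @error immediately; an unrecognised @OSArch used to skip the
    ; read and then compare $strInetMail undeclared.
    Local $strInetMail = RegRead($sKey, "ServiceStatus")
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking POP3/SMTP scanning status... "
    Local $Step
    If $iErr Then
        $Step = $sPrefix & "Unable to access 'ServiceStatus' registry key/value."
    ElseIf $strInetMail = 0 Then
        $Step = $sPrefix & "Disabled"
    ElseIf $strInetMail = 1 Then
        $Step = $sPrefix & "Enabled"
    Else
        $Step = $sPrefix & "Unexpected 'ServiceStatus' value " & $strInetMail
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 42)
    Sleep(1000)
    Call("GetNotesStatus")
EndFunc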
; ######################################################################
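; Lotus Notes integration status.
;
; ServiceStatus under AV\Storages\LotusNotes, logged as 0 = Disabled,
; 1 = Enabled; any other value is now logged verbatim instead of producing
; no line at all.  x64 reads the Wow6432Node view, as before.
; Progress -> 45, then GetOutlookStatus.
Func GetNotesStatus()
    GUICtrlSetState($InetMailLabel, $GUI_HIDE)
    Global $NotesLabel = GUICtrlCreateLabel("Retrieving Lotus Notes integration status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")

    Local $sKey = ""
    Switch @OSArch
        Case "X86"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\LotusNotes"
        Case "X64"
            $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\LotusNotes"
    EndSwitch
    ; Capture @error immediately; an unrecognised @OSArch used to skip the
    ; read and then compare $strNotes undeclared.
    Local $strNotes = RegRead($sKey, "ServiceStatus")
    Local $iErr = @error

    Local $sPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking Lotus Notes integration status... "
    Local $Step
    If $iErr Then
        $Step = $sPrefix & "Unable to access 'ServiceStatus' registry key/value."
    ElseIf $strNotes = 0 Then
        $Step = $sPrefix & "Disabled"
    ElseIf $strNotes = 1 Then
        $Step = $sPrefix & "Enabled"
    Else
        $Step = $sPrefix & "Unexpected 'ServiceStatus' value " & $strNotes
    EndIf
    Call("Report", $Step)
    GUICtrlSetData($ProgressBar, 45)
    Sleep(1000)
    Call("GetOutlookStatus")
EndFunc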
; ######################################################################
; MS Outlook integration status.
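Func GetOutlookStatus()
    ; Reads the SEP AV "MicrosoftExchangeClient" storage ServiceStatus value and
    ; logs it (0 -> Disabled, 1 -> Enabled, as in the original). A read failure
    ; or an unexpected value is logged as needing attention rather than skipped.
    GUICtrlSetState($NotesLabel, $GUI_HIDE)
    Global $OutlookLabel = GUICtrlCreateLabel("Retrieving MS Outlook integration status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    ; 32-bit SEP client: keys are redirected to Wow6432Node on x64.
    Local $strKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\MicrosoftExchangeClient"
    If @OSArch = "X64" Then $strKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\MicrosoftExchangeClient"
    Local $strOutlook = RegRead($strKey, "ServiceStatus")
    Local $iErr = @error
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking MS Outlook integration status... "
    Local $Step
    If $iErr <> 0 Then
        $Step = $strPrefix & "Unable to access 'ServiceStatus' registry key/value."
    ElseIf String($strOutlook) = "0" Then
        ; String compare avoids AutoIt coercing a non-numeric value to 0.
        $Step = $strPrefix & "Disabled"
    ElseIf String($strOutlook) = "1" Then
        $Step = $strPrefix & "Enabled"
    Else
        $Step = $strPrefix & "Unexpected value '" & $strOutlook & "' (Needs attention!)"
    EndIf
    Report($Step)
    GUICtrlSetData($ProgressBar, 48)
    Sleep(1000)
    Call("GetPTPStatus")
EndFunc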
; ######################################################################
; Proactive Threat Protection status.
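Func GetPTPStatus()
    ; Reads the Proactive Threat Protection ("SymHeurProcessProtection")
    ; ServiceStatus value and logs it (0 -> Disabled, 1 -> Enabled). Read
    ; failures and unexpected values are logged instead of silently skipped.
    GUICtrlSetState($OutlookLabel, $GUI_HIDE)
    Global $PTPLabel = GUICtrlCreateLabel("Retrieving Proactive Threat Protection status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    ; 32-bit SEP client: keys are redirected to Wow6432Node on x64.
    Local $strKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymHeurProcessProtection"
    If @OSArch = "X64" Then $strKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\SymHeurProcessProtection"
    Local $strPTP = RegRead($strKey, "ServiceStatus")
    Local $iErr = @error
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking Proactive Threat Protection status... "
    Local $Step
    If $iErr <> 0 Then
        $Step = $strPrefix & "Unable to access 'ServiceStatus' registry key/value."
    ElseIf String($strPTP) = "0" Then
        ; String compare avoids AutoIt coercing a non-numeric value to 0.
        $Step = $strPrefix & "Disabled"
    ElseIf String($strPTP) = "1" Then
        $Step = $strPrefix & "Enabled"
    Else
        $Step = $strPrefix & "Unexpected value '" & $strPTP & "' (Needs attention!)"
    EndIf
    Report($Step)
    GUICtrlSetData($ProgressBar, 51)
    Sleep(1000)
    Call("GetTamperStatus")
EndFunc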
; ######################################################################
; Tamper Protection status.
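Func GetTamperStatus()
    ; Reads the Tamper Protection ("SymProtect") ServiceStatus value and logs it
    ; (0 -> Disabled, 1 -> Enabled). Tamper Protection is what stops malware from
    ; stopping the AV itself, so "Disabled" is flagged for attention here; read
    ; failures and unexpected values are logged instead of silently skipped.
    GUICtrlSetState($PTPLabel, $GUI_HIDE)
    Global $TamperLabel = GUICtrlCreateLabel("Retrieving Tamper Protection status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    ; 32-bit SEP client: keys are redirected to Wow6432Node on x64.
    Local $strKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymProtect"
    If @OSArch = "X64" Then $strKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\SymProtect"
    Local $strTamper = RegRead($strKey, "ServiceStatus")
    Local $iErr = @error
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking Tamper Protection status... "
    Local $Step
    If $iErr <> 0 Then
        $Step = $strPrefix & "Unable to access 'ServiceStatus' registry key/value."
    ElseIf String($strTamper) = "0" Then
        ; String compare avoids AutoIt coercing a non-numeric value to 0.
        $Step = $strPrefix & "Disabled (Needs attention!)"
    ElseIf String($strTamper) = "1" Then
        $Step = $strPrefix & "Enabled"
    Else
        $Step = $strPrefix & "Unexpected value '" & $strTamper & "' (Needs attention!)"
    EndIf
    Report($Step)
    GUICtrlSetData($ProgressBar, 54)
    Sleep(1000)
    Call("GetNTPStatus")
EndFunc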
; ######################################################################
; Network Threat Protection status.
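Func GetNTPStatus()
    ; Reads the Network Threat Protection engine flag (SMC\smc_engine_status)
    ; and logs it (0 -> Disabled, 1 -> Enabled). Unlike the AV storage keys,
    ; the original reads this one from the native 64-bit hive on x64
    ; (HKEY_LOCAL_MACHINE64), and that is preserved here. Read failures and
    ; unexpected values are logged instead of silently skipped.
    GUICtrlSetState($TamperLabel, $GUI_HIDE)
    Global $NTPLabel = GUICtrlCreateLabel("Retrieving Network Threat Protection status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
    If @OSArch = "X64" Then $strKey = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC"
    Local $strNTP = RegRead($strKey, "smc_engine_status")
    Local $iErr = @error
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking Network Threat Protection status... "
    Local $Step
    If $iErr <> 0 Then
        $Step = $strPrefix & "Unable to access 'smc_engine_status' registry key/value."
    ElseIf String($strNTP) = "0" Then
        ; String compare avoids AutoIt coercing a non-numeric value to 0.
        $Step = $strPrefix & "Disabled"
    ElseIf String($strNTP) = "1" Then
        $Step = $strPrefix & "Enabled"
    Else
        $Step = $strPrefix & "Unexpected value '" & $strNTP & "' (Needs attention!)"
    EndIf
    Report($Step)
    GUICtrlSetData($ProgressBar, 57)
    Sleep(1000)
    Call("GetSmcService")
EndFunc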
; ######################################################################
; Symantec Management Client service status.
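Func GetSmcService()
    ; Queries WMI for the state of the 'SmcService' (Symantec Management
    ; Client) service. Anything other than "Running" is flagged. A service
    ; that WMI does not return at all (not installed/removed) used to produce
    ; no log line; it is now flagged too, since that is the worst case for an
    ; AV health check.
    GUICtrlSetState($NTPLabel, $GUI_HIDE)
    Global $SmcLabel = GUICtrlCreateLabel("Retrieving SmcService service status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking SmcService service status... "
    Local $objWMI = ObjGet("winmgmts:\root\CIMV2")
    ; ObjGet can fail with codes other than 1; any failure means no usable object.
    If @error Or Not IsObj($objWMI) Then
        Report($strPrefix & "Unable to query WMI. Please make sure service is running. (Needs attention!)")
    Else
        ; NOTE(review): a COM error inside ExecQuery terminates the script unless an
        ; ObjEvent("AutoIt.Error") handler is installed elsewhere - confirm.
        Local $objItems = $objWMI.ExecQuery("SELECT State FROM Win32_Service WHERE Name = 'SmcService'", "WQL")
        Local $iFound = 0
        If IsObj($objItems) Then
            For $objItem In $objItems
                $iFound += 1
                If $objItem.State = "Running" Then
                    Report($strPrefix & $objItem.State)
                Else
                    Report($strPrefix & $objItem.State & " (Needs attention!)")
                EndIf
            Next
        EndIf
        If $iFound = 0 Then Report($strPrefix & "Service not found. (Needs attention!)")
    EndIf
    GUICtrlSetData($ProgressBar, 60)
    Sleep(1000)
    Call("GetSAVService")
EndFunc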
; ######################################################################
; Symantec AntiVirus service status.
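Func GetSAVService()
    ; Queries WMI for the state of the 'Symantec AntiVirus' service. Anything
    ; other than "Running" is flagged, and so is a service WMI does not return
    ; at all (the original logged nothing in that case).
    GUICtrlSetState($SmcLabel, $GUI_HIDE)
    Global $SAVLabel = GUICtrlCreateLabel("Retrieving Symantec Antivirus service status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking Symantec AntiVirus service status... "
    Local $objWMI = ObjGet("winmgmts:\root\CIMV2")
    If @error Or Not IsObj($objWMI) Then
        Report($strPrefix & "Unable to query WMI. Please make sure service is running. (Needs attention!)")
    Else
        Local $objItems = $objWMI.ExecQuery("SELECT State FROM Win32_Service WHERE Name = 'Symantec AntiVirus'", "WQL")
        Local $iFound = 0
        If IsObj($objItems) Then
            For $objItem In $objItems
                $iFound += 1
                If $objItem.State = "Running" Then
                    Report($strPrefix & $objItem.State)
                Else
                    Report($strPrefix & $objItem.State & " (Needs attention!)")
                EndIf
            Next
        EndIf
        ; An absent AV service must never produce an empty (healthy-looking) report.
        If $iFound = 0 Then Report($strPrefix & "Service not found. (Needs attention!)")
    EndIf
    GUICtrlSetData($ProgressBar, 63)
    Sleep(1000)
    Call("GetccEvtMgr")
EndFunc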
; ######################################################################
; ccEvtMgr service status.
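Func GetccEvtMgr()
    ; Queries WMI for the state of the 'ccEvtMgr' (Symantec Event Manager)
    ; service. Anything other than "Running" is flagged, and so is a service
    ; WMI does not return at all (the original logged nothing in that case).
    GUICtrlSetState($SAVLabel, $GUI_HIDE)
    Global $EvtMgrLabel = GUICtrlCreateLabel("Retrieving ccEvtMgr service status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking ccEvtMgr service status... "
    Local $objWMI = ObjGet("winmgmts:\root\CIMV2")
    If @error Or Not IsObj($objWMI) Then
        Report($strPrefix & "Unable to query WMI. Please make sure service is running. (Needs attention!)")
    Else
        Local $objItems = $objWMI.ExecQuery("SELECT State FROM Win32_Service WHERE Name = 'ccEvtMgr'", "WQL")
        Local $iFound = 0
        If IsObj($objItems) Then
            For $objItem In $objItems
                $iFound += 1
                If $objItem.State = "Running" Then
                    Report($strPrefix & $objItem.State)
                Else
                    Report($strPrefix & $objItem.State & " (Needs attention!)")
                EndIf
            Next
        EndIf
        If $iFound = 0 Then Report($strPrefix & "Service not found. (Needs attention!)")
    EndIf
    GUICtrlSetData($ProgressBar, 66)
    Sleep(1000)
    Call("GetccSetMgr")
EndFunc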
; ######################################################################
; ccSetMgr service status.
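Func GetccSetMgr()
    ; Queries WMI for the state of the 'ccSetMgr' (Symantec Settings Manager)
    ; service. Anything other than "Running" is flagged, and so is a service
    ; WMI does not return at all (the original logged nothing in that case).
    GUICtrlSetState($EvtMgrLabel, $GUI_HIDE)
    Global $SetMgrLabel = GUICtrlCreateLabel("Retrieving ccSetMgr service status...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Checking ccSetMgr service status... "
    Local $objWMI = ObjGet("winmgmts:\root\CIMV2")
    If @error Or Not IsObj($objWMI) Then
        Report($strPrefix & "Unable to query WMI. Please make sure service is running. (Needs attention!)")
    Else
        Local $objItems = $objWMI.ExecQuery("SELECT State FROM Win32_Service WHERE Name = 'ccSetMgr'", "WQL")
        Local $iFound = 0
        If IsObj($objItems) Then
            For $objItem In $objItems
                $iFound += 1
                If $objItem.State = "Running" Then
                    Report($strPrefix & $objItem.State)
                Else
                    Report($strPrefix & $objItem.State & " (Needs attention!)")
                EndIf
            Next
        EndIf
        If $iFound = 0 Then Report($strPrefix & "Service not found. (Needs attention!)")
    EndIf
    GUICtrlSetData($ProgressBar, 69)
    Sleep(1000)
    Call("GetSyLink")
EndFunc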
; ######################################################################
; Get miscellaneous sylink details.
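Func GetSyLink()
    ; Logs selected fields of the client's SyLink.xml (management-server
    ; binding). The file is parsed positionally exactly as the original did:
    ; line 2 token 2 (domain), line 4 tokens 7, 10 and 14/16 (communication
    ; mode, heartbeat, upload-applications flag), line 5 minus a 5-char prefix
    ; and 1-char suffix (server list). Two defects are fixed: FileOpen signals
    ; failure by returning -1 (the @error test never fired, so a missing file
    ; crashed on an out-of-range token), and the SEP version gate compared
    ; dotted versions as strings ("11.0.780" sorts above "11.0.6005").
    ; NOTE(review): the logged fields include the management server list;
    ; treat the resulting log file as internal.
    GUICtrlSetState($SetMgrLabel, $GUI_HIDE)
    Global $SyLinkLabel = GUICtrlCreateLabel("Retrieving SyLink information...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : "
    Local $fSyLink = FileOpen($strSEPPath & "SyLink.xml", 0)
    If $fSyLink = -1 Then
        Report($strPrefix & "Reading SyLink.xml... Unable to access. (Needs attention!)")
    Else
        Report($strPrefix & "Reading SyLink.xml...")
        Local $rLine2 = FileReadLine($fSyLink, 2)
        Report($strPrefix & __SyLinkToken($rLine2, 2))
        ; Line 4 carries several attributes; read it once instead of three times.
        Local $rLine4 = FileReadLine($fSyLink, 4)
        Report($strPrefix & __SyLinkToken($rLine4, 7))
        Report($strPrefix & __SyLinkToken($rLine4, 10))
        ; The upload-applications attribute moved two tokens to the right in 11.0.6005.562 (RU6).
        If __SyLinkVersionAtLeast($strSEPVer, "11.0.6005.562") Then
            Report($strPrefix & __SyLinkToken($rLine4, 16))
        Else
            Report($strPrefix & __SyLinkToken($rLine4, 14))
        EndIf
        Local $rLine5 = FileReadLine($fSyLink, 5)
        If @error Then
            Report($strPrefix & "(server list line not found in SyLink.xml)")
        Else
            Report($strPrefix & StringTrimRight(StringTrimLeft($rLine5, 5), 1))
        EndIf
        FileClose($fSyLink)
    EndIf
    GUICtrlSetData($ProgressBar, 75)
    Sleep(1000)
    Call("GetSymEvent")
EndFunc

; Returns space-separated token $iIdx (1-based) of $sLine, or a marker string
; when the line has fewer tokens, so a malformed SyLink.xml cannot abort the run.
Func __SyLinkToken($sLine, $iIdx)
    Local $aTok = StringSplit($sLine, " ", 0)
    If $iIdx > $aTok[0] Then Return "(field " & $iIdx & " not found in SyLink.xml)"
    Return $aTok[$iIdx]
EndFunc

; True when dotted version $sVer is numerically >= $sMin, comparing each
; component as a number; missing components count as 0.
Func __SyLinkVersionAtLeast($sVer, $sMin)
    Local $aVer = StringSplit($sVer, ".", 0)
    Local $aMin = StringSplit($sMin, ".", 0)
    Local $iParts = $aVer[0]
    If $aMin[0] > $iParts Then $iParts = $aMin[0]
    Local $iA, $iB
    For $i = 1 To $iParts
        $iA = 0
        $iB = 0
        If $i <= $aVer[0] Then $iA = Number($aVer[$i])
        If $i <= $aMin[0] Then $iB = Number($aMin[$i])
        If $iA <> $iB Then Return ($iA > $iB)
    Next
    Return True
EndFunc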
; ######################################################################
; Get installed SymEvent information.
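Func GetSymEvent()
    ; Logs the SymEvent driver (and, on x86, the S32EVNT1.DLL) file version and
    ; whether SymEvent is registered for the SAVCE and SRTSP components. The
    ; per-architecture paths and hives are the original's; the checks themselves
    ; are shared. Registration used to test only @error = 1 (key missing) and
    ; would report "Registered" when the key existed but the default value did
    ; not (@error -1); every RegRead failure now counts as not registered.
    GUICtrlSetState($SyLinkLabel, $GUI_HIDE)
    Global $SymEventLabel = GUICtrlCreateLabel("Retrieving SymEvent information...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : "
    Local $strSysFile, $strDllFile = "", $strHive
    If @OSArch = "X64" Then
        ; NOTE(review): a 32-bit AutoIt build is subject to WOW64 file-system
        ; redirection, so "\system32\drivers" may resolve to SysWOW64 - confirm
        ; the build architecture this is run with.
        $strSysFile = @WindowsDir & "\system32\drivers\SYMEVENT64x86.SYS"
        $strHive = "HKEY_LOCAL_MACHINE64"
    Else
        $strSysFile = @SystemDir & "\drivers\SYMEVENT.SYS"
        $strDllFile = @SystemDir & "\S32EVNT1.DLL"
        $strHive = "HKEY_LOCAL_MACHINE"
    EndIf
    Local $SymEventSysVer = FileGetVersion($strSysFile)
    If @error Then
        Report($strPrefix & "Checking SymEvent SYS file version... Unable to access file.")
    Else
        Report($strPrefix & "Checking SymEvent SYS file version... " & $SymEventSysVer)
    EndIf
    ; The original only checked the DLL on x86; keep that.
    If $strDllFile <> "" Then
        Local $SymEventDllVer = FileGetVersion($strDllFile)
        If @error Then
            Report($strPrefix & "Checking SymEvent DLL file version... Unable to access file.")
        Else
            Report($strPrefix & "Checking SymEvent DLL file version... " & $SymEventDllVer)
        EndIf
    EndIf
    RegRead($strHive & "\SOFTWARE\Symantec\Symevent\SAVCE", "")
    If @error Then
        Report($strPrefix & "Checking SymEvent registration for SAVCE... Not registered. Please reinstall SymEvent.")
    Else
        Report($strPrefix & "Checking SymEvent registration for SAVCE... Registered")
    EndIf
    RegRead($strHive & "\SOFTWARE\Symantec\Symevent\SRTSP", "")
    If @error Then
        Report($strPrefix & "Checking SymEvent registration for SRTSP... Not registered. Please reinstall SymEvent.")
    Else
        Report($strPrefix & "Checking SymEvent registration for SRTSP... Registered")
    EndIf
    GUICtrlSetData($ProgressBar, 81)
    Sleep(1000)
    Call("GetLiveUpdate")
EndFunc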
; ######################################################################
; Get LiveUpdate information.
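Func GetLiveUpdate()
    ; Logs the LiveUpdate install location and version (from the Uninstall key)
    ; and the three SEP LiveUpdate method switches: management server (SEPM),
    ; LiveUpdate server and Group Update Provider (GUP). Fixes: the GUP error
    ; line was labelled "(LU Server)"; a failed read of the location/version no
    ; longer produces a second, empty "Checking ..." line; a switch whose value
    ; is neither 0 nor 1 is logged instead of dropped; and an unsupported
    ; @OSArch no longer leaves the variables undeclared.
    GUICtrlSetState($SymEventLabel, $GUI_HIDE)
    Global $LiveUpdateLabel = GUICtrlCreateLabel("Retrieving LiveUpdate information...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    ; LiveUpdate is a 32-bit package (Wow6432Node on x64); the SEP LiveUpdate
    ; policy values are read from the native hive (HKLM64) on x64, as originally.
    Local $strUninstKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate"
    Local $strSEPLUKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate"
    If @OSArch = "X64" Then
        $strUninstKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate"
        $strSEPLUKey = "HKEY_LOCAL_MACHINE64\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate"
    EndIf
    Local $strStamp = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : "
    Local $LUInstPath = RegRead($strUninstKey, "InstallLocation")
    If @error Then
        Report($strStamp & "Checking LiveUpdate install location... Unable to access 'InstallLocation' registry key/value.")
    Else
        ; The value is sometimes stored with surrounding quotes; strip them for the log.
        Report($strStamp & "Checking LiveUpdate install location... " & StringReplace($LUInstPath, Chr(34), "", 0, 0))
    EndIf
    Local $LUVer = RegRead($strUninstKey, "DisplayVersion")
    If @error Then
        Report($strStamp & "Checking LiveUpdate version... Unable to access 'DisplayVersion' registry key/value.")
    Else
        Report($strStamp & "Checking LiveUpdate version... " & $LUVer)
    EndIf
    __ReportLUMethod($strStamp, "SEPM", $strSEPLUKey, "UseManagementServer")
    __ReportLUMethod($strStamp, "LU Server", $strSEPLUKey, "UseLiveUpdateServer")
    __ReportLUMethod($strStamp, "GUP", $strSEPLUKey, "UseMasterClient")
    GUICtrlSetData($ProgressBar, 87)
    Sleep(1000)
    Call("GetSecars")
EndFunc

; Logs one LiveUpdate method switch ($sValueName under $sKey) as Enabled (1) or
; Disabled (0); a read failure or any other value is logged as needing attention.
Func __ReportLUMethod($sStamp, $sLabel, $sKey, $sValueName)
    Local $sPrefix = $sStamp & "Checking LiveUpdate method (" & $sLabel & ")... "
    Local $vVal = RegRead($sKey, $sValueName)
    If @error Then
        Report($sPrefix & "Unable to access '" & $sValueName & "' registry key/value.")
    ElseIf String($vVal) = "0" Then
        ; String compare avoids AutoIt coercing a non-numeric value to 0.
        Report($sPrefix & "Disabled")
    ElseIf String($vVal) = "1" Then
        Report($sPrefix & "Enabled")
    Else
        Report($sPrefix & "Unexpected value '" & $vVal & "' (Needs attention!)")
    EndIf
EndFunc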
; ######################################################################
; Get SECARS result.
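Func GetSecars()
    ; Performs the SECARS reachability test against the management server
    ; (http://<server>:<port>/secars/secars.dll?hello,secars) and logs OK when
    ; the reply contains "OK.". The original reported a transport failure as
    ; "Failed" too, and its final Else branch was unreachable; a connection
    ; failure and an unknown server address are now reported distinctly so the
    ; reader can tell "server unreachable" from "server replied something else".
    ; NOTE(review): $MgmtSrv and $IISPort are set elsewhere; the request is plain
    ; HTTP because that is the endpoint the SEP 11 client itself uses - confirm.
    GUICtrlSetState($LiveUpdateLabel, $GUI_HIDE)
    Global $SecarsLabel = GUICtrlCreateLabel("Retrieving SECARS result...", 10, 65, 280, 20)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    Local $strPrefix = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Retrieving SECARS result... "
    Local $Step
    If $MgmtSrv = "" Then
        $Step = $strPrefix & "Skipped, management server address unknown. (Needs attention!)"
    Else
        Local $SecarsURL = "http://" & $MgmtSrv & ":" & $IISPort & "/secars/secars.dll?hello,secars"
        Local $result = _INetGetSource($SecarsURL)
        If @error Then
            $Step = $strPrefix & "Unable to connect to " & $SecarsURL & " (Needs attention!)"
        ElseIf StringInStr($result, "OK.", 1, 1) > 0 Then
            $Step = $strPrefix & "OK"
        Else
            $Step = $strPrefix & "Failed"
        EndIf
    EndIf
    Report($Step)
    GUICtrlSetData($ProgressBar, 90)
    Sleep(1000)
    GUICtrlSetState($SecarsLabel, $GUI_HIDE)
    Call("Complete")
EndFunc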
; ######################################################################
; Write to log file.
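Func Report($Step)
    ; Appends one line to the log file $LogFile (created if absent).
    ; Returns True on success. If the log cannot be opened, the original wrote
    ; to an invalid handle and lost the line silently, which would let a clean
    ; looking report hide failed checks; now the failure is signalled with
    ; @error = 1 and a False return (callers may ignore it, as before).
    Local $hLog = FileOpen($LogFile, 1)
    If $hLog = -1 Then Return SetError(1, 0, False)
    Local $bWritten = (FileWriteLine($hLog, "" & $Step) = 1)
    FileClose($hLog)
    Return $bWritten
EndFunc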
; ######################################################################
; Script error.
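Func Error()
    ; Fatal-error path: tells the user, tears down the GUI, opens the log in
    ; Notepad, removes the utility's temp directory and exits. MsgBox flag 16
    ; offers only an OK button, so the original "= 1" test was always true.
    ; Notepad is launched directly with the path quoted: the original went
    ; through cmd.exe with an unquoted path, which breaks on spaces and lets
    ; shell metacharacters in the path (@TempDir embeds the user name) be
    ; interpreted by the shell.
    MsgBox(16, "Error", "The utility has encountered an error. Please review the log file for details.")
    GUIDelete()
    Run("notepad.exe " & '"' & $LogFile & '"')
    ; NOTE(review): if $LogFile is created under this directory, the removal
    ; races with Notepad opening it - confirm where $LogFile is placed.
    DirRemove(@TempDir & "\SEPC Status Utility", 1)
    Exit
EndFunc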
; ######################################################################
; Successfully completed.
Func Complete()
    ; Final step: writes a blank separator and a completion line to the log,
    ; fills and hides the progress bar, tells the user where the log is and
    ; reveals the Close button.
    Report(@CRLF)
    Local $strDone = @HOUR & ":" & @MIN & ":" & @SEC & " " & @ComputerName & " : Utility has completed."
    Report($strDone)
    GUICtrlSetData($ProgressBar, 100)
    Sleep(1000)
    GUICtrlSetState($ProgressBar, $GUI_HIDE)
    Local $strMsg = "SEP client health check has completed. The log file is located at " & $LogFile & " and will open when you click Close."
    GUICtrlCreateLabel($strMsg, 10, 55, 280, 55)
    GUICtrlSetFont(-1, 8, "", "", "Arial")
    GUICtrlSetState($Close, $GUI_SHOW)
EndFunc
; ######################################################################
; Close button.
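Func CloseButton()
    ; Close-button handler: opens the log in Notepad, tears down the GUI,
    ; removes the utility's temp directory and exits. Notepad is launched
    ; directly with the path quoted; the original routed an unquoted path
    ; through cmd.exe, which breaks on spaces and exposes the command line to
    ; shell metacharacters in the path (@TempDir embeds the user name).
    Run("notepad.exe " & '"' & $LogFile & '"')
    GUIDelete()
    ; NOTE(review): if $LogFile is created under this directory, the removal
    ; races with Notepad opening it - confirm where $LogFile is placed.
    DirRemove(@TempDir & "\SEPC Status Utility", 1)
    Exit
EndFunc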
; ######################################################################