  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 873

MS ForeFront Virus Definitions

I have been given the task of creating a script that will check the MS ForeFront virus definitions to make sure they are up to date. The problem is I cannot find where this information is stored for ForeFront. I know on our old McAfee boxes there were registry keys with the "DAT" date and version. Can someone please help?
0
Frog_1337
Asked:
1 Solution
 
Keith AlabasterCommented:
Which Forefront?
Protection for Sharepoint? For Exchange? For client? For TMG?
0
 
Frog_1337Author Commented:
I'm sorry, it is ForeFront for Exchange and TMG.
0
 
Keith AlabasterCommented:
You know that you can click a button on the FPE 2010 GUI which already displays the status, and similarly in TMG? Thought I'd ask before checking the SDK.
0
 
Frog_1337Author Commented:
Yeah, the task assigned to me is to create a script to implement an HP Openview Policy that will monitor the age of the virus definition files. This will keep us from having to log in all the time to the servers and check the gui.
0
 
Keith AlabasterCommented:
I guessed you were going to say that <sighs> lol

Let me see what I can knock up.
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Totally agree with Keith, you can get all needed info from the dashboard of the products as follows:

FPE2010:

Go to the dashboard ---> Go to Engine ---> Click Show Details and this will show you the health and refresh rate of the engine.

If you want more info about every engine just click engine summary and you will get all what you need.

 

0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Posted my comment too late :)

0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
I've not worked previously with OpenView, but with FPE2010 you can set and enable email notification for engine updates, whether in success or failed status, and this will make it easier.

Hope this helps.
0
 
Frog_1337Author Commented:
Okay, where are the email notifications set up? I am a total noob to this product! But I think if I was able to set up a success/fail email they would accept that.
0
 
Frog_1337Author Commented:
Okay, never mind, I need to have it run through OpenView, which leads me back to my first question.
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Open the FPE2010 GUI and go to Configuration, then Notification, and enable the notification you need to send you an email.


0
 
Frog_1337Author Commented:
The OpenView policy I can create; it's just a matter of writing a VBS to parse the info and tell it what to do. I just need to find where the dates for the virus definitions are stored. I have checked the registry and can't seem to pinpoint it.
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
All updates get stored in the following location: %windir%\softwaredistribution\download

Also, I noticed that the only date that appears is the date modified of the update file named mpam-d of the anti-malware, which is updated at specific times and saved in the following location:

%windir%\softwaredistribution\download\install

Hope this helps, and I will try to find out more details about your request.
0
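
An added example, not part of the thread and not Microsoft's code: a PowerShell check of the kind a monitoring policy could call, built on the download\install location and the mpam-d file named in the comment above. It assumes that file's modified time tracks the last definition update, which the thread does not confirm for Forefront for Exchange; the 48-hour threshold and the exit codes are hypothetical.

```powershell
# Added example, not from the thread. Assumption: the newest mpam-d* file under
# the download\install folder reflects the time of the last definition update.
param(
    [string]$Path = (Join-Path $env:windir 'SoftwareDistribution\Download\Install'),
    [string]$Filter = 'mpam-d*',   # file name mentioned in the thread
    [int]$MaxAgeHours = 48         # hypothetical threshold; set per policy
)

function Get-DefinitionAge {
    param([string]$Path, [string]$Filter, [datetime]$Now = (Get-Date))

    if (-not (Test-Path -LiteralPath $Path)) { return $null }

    # PSIsContainer filter also works on PowerShell 2.0 (no -File switch there)
    $newest = Get-ChildItem -Path $Path -Filter $Filter -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1

    if (-not $newest) { return $null }

    New-Object PSObject -Property @{
        File     = $newest.FullName
        Modified = $newest.LastWriteTime
        AgeHours = [math]::Round(($Now - $newest.LastWriteTime).TotalHours, 1)
    }
}

$result = Get-DefinitionAge -Path $Path -Filter $Filter

if (-not $result) {
    # A missing file is reported as a failure, never as "up to date"
    Write-Output "UNKNOWN: no file matching '$Filter' in $Path"
    exit 3
}
if ($result.AgeHours -gt $MaxAgeHours) {
    Write-Output ("CRITICAL: {0} is {1} h old (limit {2} h), modified {3:s}" -f `
        $result.File, $result.AgeHours, $MaxAgeHours, $result.Modified)
    exit 2
}
Write-Output ("OK: {0} is {1} h old, modified {2:s}" -f `
    $result.File, $result.AgeHours, $result.Modified)
exit 0
```

Because the download cache can be cleaned up after an update installs, an UNKNOWN result should raise an alert for manual review instead of being silently ignored.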
 
Frog_1337Author Commented:
I still have not had any luck in finding the virus definition dates in Server 2008 R2 for ForeFront for Exchange. I am about to beat my head against the wall.
0
 
lacrewgaCommented:
HKLM\SOFTWARE\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\1.0\AM\SIGNATURE UPDATES
0
 
lacrewgaCommented:
The preceding was for XP... should get you close
0
 
Frog_1337Author Commented:
Nothing similar to the above key I am sorry
0
 
lacrewgaCommented:
If this does not apply, excuse (no 2008 w/FCS available).
Try this... add an exclusion path pointing to some seldom-used path, then search the registry for that path.
0
 
Frog_1337Author Commented:
I have escalated this to the system engineers so they can contact Microsoft. I will post an answer once I hear from them.
0
 
Frog_1337Author Commented:
no answer to be found as of yet
0
