Solved

MS ForeFront Virus Definitions

Posted on 2010-11-16
Last Modified: 2012-05-10
I have been given the task of creating a script that will check the MS ForeFront virus definitions to make sure they are up to date. The problem is I cannot find where this information is stored for ForeFront. I know on our old McAfee boxes there were registry keys with the "DAT" date and version. Can someone please help?
Question by:Frog_1337
20 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34148057
Which Forefront?
Protection for Sharepoint? For Exchange? For client? For TMG?
0
 

Author Comment

by:Frog_1337
ID: 34148486
I'm sorry, it is ForeFront for Exchange and TMG.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34149007
You know that you can click a button on the FPE 2010 gui which displays already the status and similarly in TMG? Thought I'd ask before checking the sdk.
0

 

Author Comment

by:Frog_1337
ID: 34149280
Yeah, the task assigned to me is to create a script to implement an HP Openview Policy that will monitor the age of the virus definition files. This will keep us from having to log in all the time to the servers and check the gui.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34149358
I guessed you were going to say that <sighs> lol

Let me see what I can knock up.
0
 
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149396
Totally agree with Keith, you can get all needed info from the dashboard of the products as follows:

FPE2010:

Go to the dashboard ---> Go to Engine ---> Click Show Details and this will show you the health and refresh rate of the engine.

If you want more info about every engine just click engine summary and you will get all what you need.

 

FPE2010-02.jpg
0
 
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149417
Posted my comment too late :)

0
 
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149508
I've not worked previously with OpenView, but with FPE2010 you can set and enable email notification for engine updates, whether in success or failed status, and this will make it easier.

Hope this helps.
0
 

Author Comment

by:Frog_1337
ID: 34149533
Okay where are the email notifications setup at? I am a total noob to this product! But I think if I was able to setup a success/fail email they would accept that
0
 

Author Comment

by:Frog_1337
ID: 34149559
Okay, never mind, I need to have it run through OpenView, which leads me back to my first question.
0
 
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149640
Open the FPE2010 GUI and go to configuration, then notification, and enable the notification you will need to send you an email.


FPE2010.jpg
0
 

Author Comment

by:Frog_1337
ID: 34155171
The OpenView policy I can create; it's just a matter of writing a vbs to parse the info and tell it what to do. I just need to find where the dates for the virus definitions are stored. I have checked the registry and can't seem to pinpoint it.
0
 
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34156785
All updates get stored in the following location: %windir%\softwaredistribution\download

Also, I noticed that the only date that appears is for the data modified update file named mpam-d of the anti-malware, which is updated at specific times and saved in the following location:

%windir%\softwaredistribution\download\install

Hope this helps, and I will try to find out more details about your request.
0
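A monitoring check built on the folder and `mpam-d` file name from the comment above, as an added example that is not part of the original thread. It assumes the newest matching file's modified time tracks definition updates, which the thread never confirmed for Forefront for Exchange; the function name, the 48-hour threshold and the exit codes are also assumptions.

```powershell
# Added example, not from the thread. Function name, threshold and exit codes are assumptions.
function Get-DefinitionFileAge {
    param(
        # Folder and file-name prefix are the ones named in the comment above.
        [string]$Path = (Join-Path $env:windir 'SoftwareDistribution\Download\Install'),
        [string]$Filter = 'mpam-d*',
        [int]$MaxAgeHours = 48,            # assumed threshold; match it to your update schedule
        [datetime]$Now = (Get-Date)
    )

    # Build one result shape for every outcome so the caller can parse it uniformly.
    function New-Result($status, $code, $detail, $age, $file) {
        New-Object PSObject -Property @{
            Status = $status; ExitCode = $code; Detail = $detail; AgeHours = $age; File = $file
        }
    }

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Result 'UNKNOWN' 3 "Folder not found: $Path" $null $null
    }

    # Newest matching file; an empty folder must not be reported as healthy.
    $newest = Get-ChildItem -LiteralPath $Path -Filter $Filter -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTimeUtc -Descending |
        Select-Object -First 1
    if (-not $newest) {
        return New-Result 'UNKNOWN' 3 "No file matching $Filter in $Path" $null $null
    }

    $age = [math]::Round(($Now.ToUniversalTime() - $newest.LastWriteTimeUtc).TotalHours, 1)
    if ($age -lt 0) {
        # A timestamp in the future points at clock skew, not at fresh definitions.
        return New-Result 'UNKNOWN' 3 "Timestamp is in the future: $($newest.Name)" $age $newest.FullName
    }
    if ($age -gt $MaxAgeHours) {
        return New-Result 'CRITICAL' 2 "$($newest.Name) is $age h old (limit $MaxAgeHours h)" $age $newest.FullName
    }
    New-Result 'OK' 0 "$($newest.Name) is $age h old" $age $newest.FullName
}

# Print one status line and return the code to the calling monitoring agent.
$result = Get-DefinitionFileAge
Write-Output ("{0}: {1}" -f $result.Status, $result.Detail)
exit $result.ExitCode
```

The file's modified time shows when an update package landed in the download folder, not that the scan engine loaded it, so treat an OK result as a freshness hint and confirm it against the product's own engine summary.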
 

Author Comment

by:Frog_1337
ID: 34206110
I still have not had any luck in finding the virus definition dates in Server 2008 R2 for ForeFront for Exchange. I am about to beat my head against the wall.
0
 
LVL 7

Expert Comment

by:lacrewga
ID: 34291059
HKLM\SOFTWARE\MICROSOFT\MICROSOFT FOREFRONT\CLIENT SECURITY\1.0\AM\SIGNATURE UPDATES
0
 
LVL 7

Expert Comment

by:lacrewga
ID: 34291063
The preceding was for XP... should get you close
0
 

Author Comment

by:Frog_1337
ID: 34292548
Nothing similar to the above key, I am sorry.
0
 
LVL 7

Expert Comment

by:lacrewga
ID: 34292886
If this does not apply, excuse me (no 2008 w/FCS available).
Try this... add an exclusion path pointing to some seldom-used path, then search the registry for that path.
0
 

Accepted Solution

by:
Frog_1337 earned 0 total points
ID: 34302660
I have escalated this to the system engineers so they can contact Microsoft. I will post an answer once I hear from them.
0
 

Author Closing Comment

by:Frog_1337
ID: 36253599
No answer to be found as of yet.
0
