MS ForeFront Virus Definitions

I have been given the task of creating a script that will check the MS ForeFront virus definitions to make sure they are up to day. The problem is I cannot find where this information is stored for ForeFront. I know on our old McAfee boxes there were registry keys with the "DAT" date and version.  Can someone please help
Frog_1337Asked:
Who is Participating?
 
Frog_1337Author Commented:
I have escalated this to the system engineers so they can contact Microsoft. I will post an answer once I hear for them.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Which Forefront?
Protection for Sharepoint? For Exchange? For client? For TMG?
0
 
Frog_1337Author Commented:
Im sorry it is ForeFront for Exchange and TMG
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Keith AlabasterEnterprise ArchitectCommented:
You know that you can click a button on the FPE 2010 gui which displays already the status and similarly in TMG? Thought I'd ask before checking the sdk.
0
 
Frog_1337Author Commented:
Yeah, the task assigned to me is to create a script to implement an HP Openview Policy that will monitor the age of the virus definition files. This will keep us from having to log in all the time to the servers and check the gui.
0
 
Keith AlabasterEnterprise ArchitectCommented:
I guessed you were going to say that <sighs> lol

Let me see what I can knock up.
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Totally agree with Keith, you can get all needed info from the dashboard of the products as follow:

FPE2010 :

Go to the dashboard---> Go To Engine----> Chlick Show Details and this will show you the health and refresh rate of the engine.

If you want more info about every engine just click engine summary and you will get all what you need.

 

FPE2010-02.jpg
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Post my comment too late :)

0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
I've not worked previously with Open view but with FPE2010, you can set and enable email notification for engine update wheteher in success or failed status and this will make it easier.

Hope this may helps.
0
 
Frog_1337Author Commented:
Okay where are the email notifications setup at? I am a total noob to this product! But I think if I was able to setup a success/fail email they would accept that
0
 
Frog_1337Author Commented:
Okay nevermind I need to have it run through openview which leads me back to my first question
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
Open the FBE2010 GUI and go to configuration then notification and enable the notification you will need to send you an email


FPE2010.jpg
0
 
Frog_1337Author Commented:
The openview policy I can create its just a matter of writing a vbs to parse the info and tell it what to do. I just need to find where the dates for the virus definitions are stored. I have checked the registry and cant seem to pinpoint it
0
 
Mohamed KhairyEnterprise Solutions ArchitectCommented:
All updates are gets stored on the following location: %windir%\softwaredistribution\download

Also, I noticed that the only dates appeared is for the data modified update file named mpam-d of the anti-malware which is updated in specific times and saved on the following location :

%windir%\softwaredistribution\download\install

Hope this may helps and will try to find out more details about your request.
0
 
Frog_1337Author Commented:
I still have not had any luck in findhing the virus definition dates in server 2008R2 for ForeFront for Exchange. I am about to beat my head against the wall
0
 
lacrewgaCommented:
HKLM/SOFTWARE/MICROSOFT/MICROSOFT FOREFRONT/CLIENT SECURITY/1.0/AM/SIGNATURE UPDATES
0
 
lacrewgaCommented:
The preceding was for XP... should get you close
0
 
Frog_1337Author Commented:
Nothing similar to the above key I am sorry
0
 
lacrewgaCommented:
If this doe's not apply excuse (no 2008 w/fcs available)
Try this... add an exclusion path pointing to some seldom used path, then search registry for that path.
0
 
Frog_1337Author Commented:
no answer to be found as of yet
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.