Solved

MS ForeFront Virus Definitions

Posted on 2010-11-16
Last Modified: 2012-05-10
I have been given the task of creating a script that will check the MS ForeFront virus definitions to make sure they are up to date. The problem is I cannot find where this information is stored for ForeFront. I know on our old McAfee boxes there were registry keys with the "DAT" date and version. Can someone please help?
Question by:Frog_1337
20 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
Which Forefront?
Protection for Sharepoint? For Exchange? For client? For TMG?

Author Comment

by:Frog_1337
I'm sorry, it is ForeFront for Exchange and TMG.

LVL 51

Expert Comment

by:Keith Alabaster
You know that you can click a button on the FPE 2010 gui which displays already the status and similarly in TMG? Thought I'd ask before checking the sdk.

Author Comment

by:Frog_1337
Yeah, the task assigned to me is to create a script to implement an HP Openview Policy that will monitor the age of the virus definition files. This will keep us from having to log in all the time to the servers and check the gui.

LVL 51

Expert Comment

by:Keith Alabaster
I guessed you were going to say that <sighs> lol

Let me see what I can knock up.

LVL 7

Expert Comment

by:Mohamed Khairy
Totally agree with Keith, you can get all needed info from the dashboard of the products as follows:

FPE2010 :

Go to the dashboard---> Go To Engine----> Click Show Details and this will show you the health and refresh rate of the engine.

If you want more info about every engine just click engine summary and you will get all what you need.

LVL 7

Expert Comment

by:Mohamed Khairy
Post my comment too late :)

LVL 7

Expert Comment

by:Mohamed Khairy
I've not worked previously with Open view but with FPE2010, you can set and enable email notification for engine update whether in success or failed status and this will make it easier.

Hope this helps.

Author Comment

by:Frog_1337
Okay where are the email notifications setup at? I am a total noob to this product! But I think if I was able to setup a success/fail email they would accept that

Author Comment

by:Frog_1337
Okay, never mind, I need to have it run through openview, which leads me back to my first question.

LVL 7

Expert Comment

by:Mohamed Khairy
Open the FPE2010 GUI and go to configuration then notification and enable the notification you will need to send you an email.

Author Comment

by:Frog_1337
The openview policy I can create; it's just a matter of writing a vbs to parse the info and tell it what to do. I just need to find where the dates for the virus definitions are stored. I have checked the registry and can't seem to pinpoint it.

LVL 7

Expert Comment

by:Mohamed Khairy
All updates get stored in the following location: %windir%\softwaredistribution\download

Also, I noticed that the only date that appears is the date modified of the update file named mpam-d of the anti-malware, which is updated at specific times and saved in the following location:

%windir%\softwaredistribution\download\install

Hope this helps, and I will try to find out more details about your request.
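
The file-age check this comment points toward, written out as an added example that is not part of the original thread: it reports the age of the newest `mpam-d*` file in the install folder named above and maps the result to an exit code a monitoring policy can read. It assumes that file's modified time is an acceptable proxy for definition age, which the thread does not confirm; the function name, the threshold and the exit-code mapping are hypothetical.

```powershell
# Added example: report how old the newest definition package on disk is.
# Assumption: the LastWriteTime of the mpam-d* file approximates definition age.
function Get-DefinitionFileAge {
    param(
        [string]$Path = (Join-Path $env:windir 'SoftwareDistribution\Download\Install'),
        [string]$Filter = 'mpam-d*',
        [int]$MaxAgeDays = 3            # hypothetical threshold, set per policy
    )

    # Start from UNKNOWN so a missing folder or file is never reported as OK.
    $result = New-Object PSObject -Property @{
        Status = 'UNKNOWN'; File = $null; LastWrite = $null; AgeDays = $null
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return $result                  # folder missing: cannot judge
    }

    # Newest matching file only; directories are skipped.
    $newest = Get-ChildItem -LiteralPath $Path -Filter $Filter -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1

    if ($null -eq $newest) {
        return $result                  # no package found
    }

    $age = (Get-Date) - $newest.LastWriteTime
    $result.File      = $newest.FullName
    $result.LastWrite = $newest.LastWriteTime
    $result.AgeDays   = [math]::Round($age.TotalDays, 1)
    if ($age.TotalDays -le $MaxAgeDays) { $result.Status = 'OK' } else { $result.Status = 'STALE' }
    return $result
}

$check = Get-DefinitionFileAge
"{0}: newest={1} age_days={2}" -f $check.Status, $check.File, $check.AgeDays

# Exit code for the monitoring agent: 0 = OK, 1 = STALE, 2 = UNKNOWN
switch ($check.Status) { 'OK' { exit 0 } 'STALE' { exit 1 } default { exit 2 } }
```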

Author Comment

by:Frog_1337
I still have not had any luck in finding the virus definition dates in Server 2008 R2 for ForeFront for Exchange. I am about to beat my head against the wall.

LVL 7

Expert Comment

by:lacrewga
HKLM/SOFTWARE/MICROSOFT/MICROSOFT FOREFRONT/CLIENT SECURITY/1.0/AM/SIGNATURE UPDATES

LVL 7

Expert Comment

by:lacrewga
The preceding was for XP... should get you close

Author Comment

by:Frog_1337
Nothing similar to the above key, I am sorry.

LVL 7

Expert Comment

by:lacrewga
If this does not apply, excuse (no 2008 w/fcs available)
Try this... add an exclusion path pointing to some seldom used path, then search registry for that path.

Accepted Solution

by:Frog_1337
I have escalated this to the system engineers so they can contact Microsoft. I will post an answer once I hear from them.

Author Closing Comment

by:Frog_1337
no answer to be found as of yet