Solved

MS ForeFront Virus Definitions

Posted on 2010-11-16
Last Modified: 2012-05-10
I have been given the task of creating a script that will check the MS ForeFront virus definitions to make sure they are up to date. The problem is I cannot find where this information is stored for ForeFront. I know on our old McAfee boxes there were registry keys with the "DAT" date and version. Can someone please help?
Question by:Frog_1337
20 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34148057
Which Forefront?
Protection for Sharepoint? For Exchange? For client? For TMG?

Author Comment

by:Frog_1337
ID: 34148486
I'm sorry, it is ForeFront for Exchange and TMG.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34149007
You know that you can click a button on the FPE 2010 GUI which already displays the status, and similarly in TMG? Thought I'd ask before checking the SDK.

Author Comment

by:Frog_1337
ID: 34149280
Yeah, the task assigned to me is to create a script to implement an HP Openview Policy that will monitor the age of the virus definition files. This will keep us from having to log in all the time to the servers and check the gui.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34149358
I guessed you were going to say that <sighs> lol

Let me see what I can knock up.
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149396
Totally agree with Keith, you can get all the needed info from the dashboard of the products as follows:

FPE2010:

Go to the dashboard ---> Go to Engine ---> Click Show Details, and this will show you the health and refresh rate of the engine.

If you want more info about every engine, just click engine summary and you will get all that you need.

 

LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149417
Posted my comment too late :)
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149508
I've not worked previously with OpenView, but with FPE2010 you can set and enable email notification for engine updates, whether in success or failed status, and this will make it easier.

Hope this helps.

Author Comment

by:Frog_1337
ID: 34149533
Okay, where are the email notifications set up? I am a total noob to this product! But I think if I was able to set up a success/fail email they would accept that.

Author Comment

by:Frog_1337
ID: 34149559
Okay, never mind, I need to have it run through OpenView, which leads me back to my first question.
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34149640
Open the FPE2010 GUI and go to configuration, then notification, and enable the notification you will need to send you an email.



Author Comment

by:Frog_1337
ID: 34155171
The OpenView policy I can create; it's just a matter of writing a VBS to parse the info and tell it what to do. I just need to find where the dates for the virus definitions are stored. I have checked the registry and can't seem to pinpoint it.
LVL 7

Expert Comment

by:Mohamed Khairy
ID: 34156785
All updates get stored in the following location: %windir%\softwaredistribution\download

Also, I noticed that the only dates that appear are for the data modified update file named mpam-d of the anti-malware, which is updated at specific times and saved in the following location:

%windir%\softwaredistribution\download\install

Hope this helps, and I will try to find out more details about your request.
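
One way to script a check around the mpam-d file mentioned in the comment above, as an added example that is not part of the original thread: it reports the age of the newest mpam-d* file in that Install folder and exits with a status a monitoring policy can act on. The three-day threshold, the 0/1/2 exit codes, the function name, and the idea that the file's modified time tracks definition age are assumptions; the thread did not confirm this for ForeFront for Exchange.

```powershell
# Added example (not from the thread): age check on the mpam-d update file.
# Assumptions: 3-day threshold, exit codes 0 = OK, 1 = stale, 2 = unknown,
# and that the file's LastWriteTime reflects the last definition download.
param(
    [int]$MaxAgeDays = 3,
    [string]$InstallDir = (Join-Path $env:windir 'SoftwareDistribution\Download\Install')
)

function Get-DefinitionFileStatus {
    param([string]$Path, [int]$MaxAgeDays, [datetime]$Now = (Get-Date))

    # A missing folder means the check cannot say anything: report "unknown",
    # never "OK", so the monitor does not hide a broken update path.
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{
            Code = 2; Message = "UNKNOWN: directory not found: $Path" }
    }

    # Newest file whose name starts with mpam-d (the name given in the comment).
    $newest = Get-ChildItem -LiteralPath $Path -Filter 'mpam-d*' |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1

    if (-not $newest) {
        return New-Object PSObject -Property @{
            Code = 2; Message = "UNKNOWN: no mpam-d file in $Path" }
    }

    $ageDays = [math]::Round(($Now - $newest.LastWriteTime).TotalDays, 1)
    $detail  = "$($newest.Name) last written $($newest.LastWriteTime) ($ageDays days ago)"

    if ($ageDays -gt $MaxAgeDays) {
        return New-Object PSObject -Property @{ Code = 1; Message = "STALE: $detail" }
    }
    return New-Object PSObject -Property @{ Code = 0; Message = "OK: $detail" }
}

$status = Get-DefinitionFileStatus -Path $InstallDir -MaxAgeDays $MaxAgeDays
Write-Output $status.Message
exit $status.Code
```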

Author Comment

by:Frog_1337
ID: 34206110
I still have not had any luck in finding the virus definition dates in Server 2008 R2 for ForeFront for Exchange. I am about to beat my head against the wall.
LVL 7

Expert Comment

by:lacrewga
ID: 34291059
HKLM/SOFTWARE/MICROSOFT/MICROSOFT FOREFRONT/CLIENT SECURITY/1.0/AM/SIGNATURE UPDATES
LVL 7

Expert Comment

by:lacrewga
ID: 34291063
The preceding was for XP... should get you close

Author Comment

by:Frog_1337
ID: 34292548
Nothing similar to the above key, I am sorry.
LVL 7

Expert Comment

by:lacrewga
ID: 34292886
If this does not apply, excuse me (no 2008 w/FCS available).
Try this... add an exclusion path pointing to some seldom used path, then search the registry for that path.

Accepted Solution

by:
Frog_1337 earned 0 total points
ID: 34302660
I have escalated this to the system engineers so they can contact Microsoft. I will post an answer once I hear from them.

Author Closing Comment

by:Frog_1337
ID: 36253599
no answer to be found as of yet