Cool VBS for Symantec SEP reporting

Anyone who ever had a chance to work with Symantec Endpoint Protection knows very well, that SEP reporting created in SEP Manager is not the most accurate way of getting information about your clients health. It is actually quite surprising, that such a big company like Symantec, with their main product for business customers, never managed to get the reporting right and is fine with the fact that the SEP Manager sometimes pulls reports that are completely inaccurate. Anyway, there is a simple VBS that can get you a revision and virus database info quickly and put it for you in a nice, simple Excel spreadsheet.

here’s the script:

On Error Resume Next

Const ForReading = 1
Const HKEY_LOCAL_MACHINE = &H80000002
x = 2

'Create an Excel Work Sheet

Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
objExcel.Workbooks.Add

objExcel.Cells(1, 1).Value = "Machine Name"
objExcel.Cells(1, 2).Value = "Parent Server"
objExcel.Cells(1, 3).Value = "SAV Version"
objExcel.Cells(1, 4).Value = "Virus Definition"
objExcel.Cells(1, 5).Value = "Rev Number"
objExcel.Cells(1, 6).Value = "Status"
objExcel.Cells(1, 7).Value = "Report Time Stamp"

objExcel.Range("A1:G1").Select
objExcel.Selection.Interior.ColorIndex = 19
objExcel.Selection.Font.ColorIndex = 11
objExcel.Selection.Font.Bold = True
objExcel.Cells.EntireColumn.AutoFit

'Read machine names from a txt file

Set Fso = CreateObject("Scripting.FileSystemObject")
Set InputFile = fso.OpenTextFile("computers.Txt")
Do While Not (InputFile.atEndOfStream)
strComputer = InputFile.ReadLine

intRow = x

objExcel.Cells(intRow, 1).Value = strComputer

GetRegInfo

GetDefInfo

objExcel.Cells(intRow, 7).Value = Now()

set strValue = Nothing
set dwValue = Nothing
set strSavVersion = Nothing
set objFSO = Nothing
Set objFile = Nothing
Set dtDefDate = Nothing
Set strRevNumber= Nothing

x = x + 1

Loop

Wscript.Echo "Done"

'*********************************************************************************************************
'Get information from Registry

Sub GetRegInfo

Set oReg=GetObject( _
   "winmgmts:{impersonationLevel=impersonate}!\\" &_
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion"
strParent = "Parent"
strProversion = "ProductVersion"

oReg.GetStringValue _
   HKEY_LOCAL_MACHINE,strKeyPath,strParent,strValue

objExcel.Cells(intRow, 2).Value = strValue

oReg.GetDWORDValue _
   HKEY_LOCAL_MACHINE,strKeyPath,strProversion,dwValue

Select Case dwValue

Case 328336375
strSavVersion ="10.1.5.5010"

Case 23528424
strSavVersion = "10.0.0.359"

Case 65537001
strSavVersion = "10.0.1.1000"

Case 65995753
strSavVersion = "10.0.1.1007"

Case 66061289
strSavVersion = "10.0.1.1008"

Case 131073002
strSavVersion = "10.0.2.2000"

Case 131138538
strSavVersion = "10.0.2.2001"

Case 131728362
strSavVersion = "10.0.2.2010"

Case 132383722
strSavVersion = "10.0.2.2020"

Case 132449258
strSavVersion = "10.0.2.2021"

Case 25822194
stSavVersion = "10.1.0.394"

Case 25953266
strSavVersion = "10.1.0.396"

Case 26215410
strSavVersion = "10.1.0.400"

Case 26280946
strSavVersion = "10.1.0.401"

Case 65536905
strSavVersion = "9.0.5.1000"

Case 72090503
strSavVersion = "9.0.3.1100"

Case 65536903
strSavVersion = "9.0.3.1000"

Case 65536902
strSavVersion = "9.0.2.1000"

Case 65536901
strSavVersion = "9.0.1.1000"

Case 22152068
StrSavversion = "9.0.0.338"

Case 21562155
strSavVersion = "8.1.1.329"

Case 21168939
strSavVersion = "8.1.1.323"

Case 20906795
strSavVersion = "8.1.1.319"

Case 20579115
strSavVersion = "8.1.1.314"

Case 54068001
strSavVersion = "8.1.0.825"

Case 29950753
strSavVersion = "8.0.1.457"

Case 614597408
strSavVersion = "8.0.0.9378"

Case 614335264
strSavVersion = "8.0.0.9374"

Case 29229856
strSavVersion = "8.0.0.446"

Case 28640032
strSavVersion = "8.0.0.437"

Case 28443424
strSavVersion = "8.0.0.434"

Case 28115744
strSavVersion = "8.0.0.429"

Case 27853600
strSavVersion = "8.0.0.425"

Case 85197700
strSavVersion = "7.60.926"

Case 61997817
strSavVersion = "7.6.1.946"

Case 61473529
strSavVersion = "7.6.1.938"

Case 60949241
strSavVersion = "7.6.1.930"

Case 60687096
strSavVersion = "7.6.1.926"

Case 55509743
strSavVersion = "7.5.1.847"

Case 48366268
strSavVersion = "7.0.0"

End Select

objExcel.Cells(intRow, 3).Value = strSavVersion

End Sub

'*******************************************************************************************************************
'Get Virus definition from definfo.dat.

Sub GetDefInfo

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.GetFile("\\" & strComputer & _
  "\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat")

If objFSO.FileExists(objFile) Then
Set objDatFile = objFSO.OpenTextFile(objFile, 1)
Do Until objDatFile.AtEndOfStream
strLine = objDatFile.Readline
intCurDefs = InStr(strLine , "CurDefs")
   If intCurDefs > 0 Then
   strCurDefs = strLine 
   strDateDefs = Mid(strCurDefs, 9, 8)

   dtYear = Left(strDateDefs, 4)
   dtMonth = Mid(strDateDefs, 5, 2)
   dtDay = Right(strDateDefs, 2)
   DateVirDefs = dtMonth & "/" & dtDay & "/" & dtYear
   dtDefDate = CDate(DatevirDefs)

   objExcel.Cells(intRow, 4).Value = dtDefDate

 If (date - dtDefDate) = 1 Then
 objExcel.Cells(intRow, 6).Value = "OK"
 Else 
 objExcel.Cells(intRow, 6).Value = "Need Attention!"
 End If

   strRevNumber = Right(strCurDefs, 3)
   objExcel.Cells(intRow, 5).Value = strRevNumber

   End If
   Loop
   objDatFile.Close

Else 
objExcel.Cells(intRow, 4).Value = "The file definfo.dat does not exist"

End If

End Sub

Script calls the PC names from the computers.txt list, saved along with the script in the same folder. Don’t think I need to mention that admin rights are required because script uses WMI to pull all this data.

Nice and easy

Leave a Reply

Your email address will not be published. Required fields are marked *