I would like to monitor the age of McAfee anti-virus signatures on the computers in my network in comparison to the latest available release version. If my version is not up-to-date, PRTG should indicate this with a corresponding sensor status, depending on the degree to which the version number of installed scanners diverges from the latest available version. How can I achieve this?



This article applies to PRTG Network Monitor 13.2 or later

Monitoring the Age of Anti-Virus Signatures

To monitor the signature age of an anti-virus scanner installed on your system against the latest version available on a release server, use an EXE/Script sensor in PRTG and create a script file that retrieves this information.

  • The PowerShell script (given below for McAfee) first checks the latest available DAT version of the scanner on the web.
  • Then it determines the DAT version of the scanner installed on your server.
  • As a result, it returns the difference between the two version numbers as an integer.

In PRTG, add an EXE/Script sensor and choose the created script in the sensor settings. You can set an error and/or warning limit in the sensor’s channel settings depending on your needs. For example, you can define that the sensor goes into warning status if the version numbers differ by 2, and into down status if the version numbers differ by 5.

Feel free to adjust the script depending on your needs. For example, you can adapt it to anti-virus software other than McAfee, as long as that anti-virus solution writes its version information into the registry. If this data has to be read out of a file, the script would have to be a bit more complex, but this is also possible.

Script

  • Copy the following script and paste it into a text editor.
  • Save it as a PowerShell script file (.ps1) into the /Custom Sensors/EXE subfolder of your PRTG installation.

param (
    # Computer whose registry is read ("." = local machine)
    [Parameter(Mandatory=$false)][string]$ComputerName=".",
    # Maximum age of the cached avvdat.ini in seconds (21600 = 6 hours)
    [Parameter(Mandatory=$false)][int]$RefreshURL=21600
)

# Provides Import-IniFile
Import-Module PSSystemTools -Force

# Define Variables
# The reference file is fetched over plain HTTP, so its content is not authenticated
$Url = "http://update.nai.com/Products/CommonUpdater/avvdat.ini"
$TempFile = "C:\Temp\avvdat.ini"
$RegKey = "hklm:/Software/Network Associates/ePolicy Orchestrator/Application Plugins/VIRUSCAN8800"
$RegValue = "DATVersion"

# Create or Refresh Temporary File
# Make sure the target folder exists, otherwise Set-Content fails
$TempDir = Split-Path -Path $TempFile -Parent
if ((Test-Path $TempDir) -eq $false) {
    New-Item -ItemType Directory -Path $TempDir -Force | Out-Null
}
# Download if the cached file is missing or older than $RefreshURL seconds
$NeedsDownload = (Test-Path $TempFile) -eq $false
if ($NeedsDownload -eq $false) {
    $objTempFile = Get-Item $TempFile
    $NeedsDownload = [int]((Get-Date).Subtract($objTempFile.LastWriteTime).TotalSeconds) -gt $RefreshURL
}
if ($NeedsDownload) {
    $webpage = (New-Object System.Net.WebClient).DownloadString($Url)
    $webpage | Set-Content -Path $TempFile
}

# Read Temporary File
$INIFile = Import-IniFile -File $TempFile
$Section = $INIFile.'AVV-ZIP'
$FileDATVersion = $Section.DATVersion

# Read Registry (only the part of the version before the first dot is used)
$RegDATVersion = Invoke-Command -ComputerName $ComputerName -ArgumentList $RegKey,$RegValue -ScriptBlock {
    Param($RegKey,$RegValue)
    $RegDATVersion = (Get-ItemProperty $RegKey).$RegValue
    $RegDATVersion = $RegDATVersion.Split(".")
    $RegDATVersion = $RegDATVersion[0]
    $RegDATVersion
}

# Calculate and Return Result in the "value:message" format
Write-Host "$([int]$FileDATVersion - [int]$RegDATVersion):OK"

  • Monitor this script with an EXE/Script sensor.

PRTG will start to monitor the age of your anti-virus signature immediately.


Jun, 2013 - Permalink
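
The parsing and subtraction steps of the script above, as an added example that is not part of the original article: it reads DATVersion from the [AVV-ZIP] section without an external INI module and reports an error, instead of a misleading number, when either version cannot be read. The helper names Get-IniValue and Get-DatAgeResult, the sample INI content and the sample registry value are constructed for illustration; exit code 2 is used here to signal an error to the EXE/Script sensor.

```powershell
# Constructed sample of avvdat.ini content (not real McAfee data).
$SampleIni = @'
[AVV-ZIP]
DATVersion=7123
FileName=avvdat-7123.zip
'@

# Hypothetical helper: returns the value of $Key inside [$Section], or $null if absent.
function Get-IniValue {
    param([string]$Content, [string]$Section, [string]$Key)
    $current = $null
    foreach ($line in ($Content -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }      # blank line or comment
        if ($line -match '^\[(.+)\]$') { $current = $Matches[1]; continue }
        if ($current -eq $Section -and $line -match '^([^=]+)=(.*)$') {
            if ($Matches[1].Trim() -eq $Key) { return $Matches[2].Trim() }
        }
    }
    return $null
}

# Hypothetical helper: builds the "value:message" line and the exit code for the sensor.
# A missing or non-numeric version is reported as an error rather than being
# treated as 0 in the subtraction, which could leave the sensor green.
function Get-DatAgeResult {
    param([string]$Latest, [string]$Installed)
    $l = 0
    $i = 0
    if (-not [int]::TryParse($Latest, [ref]$l)) {
        return @{ Line = "0:Could not read latest DAT version"; ExitCode = 2 }
    }
    # Same rule as the script above: use the part before the first dot
    $major = ($Installed -split '\.')[0]
    if (-not [int]::TryParse($major, [ref]$i)) {
        return @{ Line = "0:Could not read installed DAT version"; ExitCode = 2 }
    }
    return @{ Line = "$($l - $i):Latest $l, installed $i"; ExitCode = 0 }
}

$latest = Get-IniValue -Content $SampleIni -Section 'AVV-ZIP' -Key 'DATVersion'
$result = Get-DatAgeResult -Latest $latest -Installed '7120.0000'   # constructed registry value
Write-Host $result.Line
exit $result.ExitCode
```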

Thanks for this script.

I would also like to implement this in PRTG, but the PRTG Sensor returns "UnauthorizedAccess".

Also, on the client and on the probe, no "C:\Temp\avvdat.ini" file is created. The given URL is reachable. The inherited Windows Access Rights are admin rights. The registry entry exists.

Do you have an idea what we should adjust?


Sep, 2015 - Permalink

Hi,
by default the scripts are executed with the permissions of the local SYSTEM account of the machine the PRTG Probe is installed on. You might try providing credentials in the parent device and then on tab Settings change the Security Context to use the credentials provided in the parent device. Does that work?


Sep, 2015 - Permalink

Hi, I'm assuming you mean the Windows Login credentials? They are correctly inherited. I tried also to provide them manually, but that didn't help.


Sep, 2015 - Permalink

Hi,
it is possible to execute scripts in a different security context. Normally scripts are executed with local SYSTEM permissions as the probe runs with this account. However, on tab Settings of the sensor you will find a setting called Security Context which defaults to Use security context of probe service. Please try setting the same to Use Windows credentials of parent device. If it still does not work, we can try changing the script to use explicit authentication.


Sep, 2015 - Permalink

Hi

Is there an updated version of this script? The "PSSystemTools" module doesn't exist anymore?


Mar, 2017 - Permalink

Downloading and installing the following should help, because it includes the necessary function for the script: https://github.com/sushihangover/SushiHangover-PowerShell


Mar, 2017 - Permalink

The check on the web, $Url = "http://update.nai.com/Products/CommonUpdater/avvdat.ini": is this usable for all anti-viruses or just for McAfee?


May, 2018 - Permalink

Hi there,

The URL belongs to McAfee, so it is only valid for McAfee. This means that the script and URL might be adapted, depending on the used AntiVirus.

Best regards.


May, 2018 - Permalink

I am using the McAfee antivirus software on my laptop. I was also searching for a way to monitor the up-to-dateness of McAfee anti-virus scanners on my system. For that I visited https://babasupport.org/microsoft/microsoft-office-error-code-0xc004f074/ but did not get a valid solution, but from here I got the appropriate solution.


Nov, 2018 - Permalink

Maybe you want to check out this new Version of the Script, which supports DATv2 and DATv3.

GitHub McAfee DAT Sensor for PRTG


Nov, 2021 - Permalink