This would seem to be the easiest way at the moment. Dirk, I'm not completely clear on how the eventlog check works. Does it only look at new log entries since the last check cycle? Is the description field an exact match?
I'm testing this but will have to wait for a new definition file. The only other way I can see to do it is to look at the actual directory name but there isn't a check to do that so you would have to write your own. On my system the directory name(C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040804.034) is the definition number. -Kevin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bell, Robert Sent: Thursday, August 05, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [SA-list] Check Version of Symantec anti virus definitions NAVCE definition updates show up in the application eventlog on both workstations and servers. -----Original Message----- From: David Webster [mailto:[EMAIL PROTECTED] Sent: Thursday, August 05, 2004 3:03 PM To: [EMAIL PROTECTED] Subject: [SA-list] Check Version of Symantec anti virus definitions Hello, First props to SA, it's creator, and all the SA users who keep the ideas flowing. I use SA to monitor many things on WIN2K, WIN2K+3 boxes and it's great. I apologize if this question has already been answered. I searched the list archives for antivirus, virus, Symantec and did not find anything. Question: Is there a way to check that would return what version the Symantec Antivirus Corporate Edition virus definition files are on a given server running the AV software? I did not see a direct check for it. I imagine that some combination of event log checking and file checking on the target machine might do the trick. Perhaps and add-on is necessary? I am fairly experienced with the out-of-the box capabilities of SA, but have to dabbled in add ones. Can someone point me in the right direction? Thanks in advance. David PS running v4.1.1609 ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive