Collect Custom Inventory for SEP 12.x definitions in ITMS 8.x
search cancel

Collect Custom Inventory for SEP 12.x definitions in ITMS 8.x


Article ID: 169635


Updated On:


Inventory Solution Endpoint Encryption IT Management Suite


The Symantec Endpoint Protection Integration Component (SEPIC) is no longer included from ITMS 7.6 and newer. 

The version of the SEP agent is still collected in the standard inventory but the details of the SEP agent virus definition files and revisions are not. 

For those who require it, the enclosed PowerShell script can be deployed to collect this information via custom inventory. 


Environments with SEP 12.x clients, who require inventory details in ITMS regarding SEP virus definitions. 


The PowerShell script below can be used as a basis for collecting custom inventory for the virus definition data. Please note that: 

  1. The script is provided as is, with no additional support from Symantec
  2. You will need to replace the GUID highlighted in the script below, with the GUID of your custom data class
  3. The script will collect, definition dates and revisions on SEP 12.x (other versions not tested) for:
  • Virus and spyware protection
  • Proactive threat protection
  • Network threat protection


# SEP Definition Dates and Revision Number Extracted from Registry
# Symantec UK
# v 1.0
# Tested on SEP 12.x
  #-------- Please don't modify begin -----------
  #Create instance of Altiris NSE component
  $nse = New-Object -ComObject  Altiris.AeXNSEvent
# Set the header data of the NSE
  $nse.To = "{50FBF1F5-17C5-47f1-92A8-D800B2515535}"
  $nse.Priority = 1
  $objIRInstance = $nse.AddDataClass('{0372ea14-a0ed-443f-af96-4b32ab3b827a}')
  $objIRDataClass = $nse.AddDataBlock($objIRInstance)
#  ' -------- Please don't modify end ------------
# Gets the date and revision from the reg path
# $v stores definition date and revision for virus and spyware protection
# $b stores definition date and revision for proactive threat protection
# $n stores definition date and revision for network threat protection
IF (Test-Path 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\')
     $v = Get-ItemProperty  'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\' -Name SRTSP
     $v = $v.SRTSP
     $v = $v.Substring($v.LastIndexOf('\')+1)
     $v = $v.Split('.')
     $v[0] = [datetime]::ParseExact($v[0],'yyyyMMdd', $null
     $v[0]= 0
     $v[1]= 0
IF (Test-Path 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\BASHDefs\')
     $b = Get-ItemProperty  'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\BASHDefs\' -Name BASH
     $b = $b.BASH
     $b = $b.Substring($b.LastIndexOf('\')+1)
     $b = $b.Split('.')
     $b[0] = [datetime]::ParseExact($b[0],'yyyyMMdd', $null
     $b[0]= 0
     $b[1]= 0
IF (Test-Path 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\IPSDefs\')
     $n = Get-ItemProperty  'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\IPSDefs\' -Name'Internet Security'
     $n = $n.'Internet Security'
     $n = $n.Substring($n.LastIndexOf('\')+1)
     $n = $n.Split('.')
     $n[0] = [datetime]::ParseExact($n[0],'yyyyMMdd', $null)
     $n[0]= 0
     $n[1]= 0
$objIRDataRow = $objIRDataClass.AddRow()
$objIRDataRow.SetField(0, "Virus and Spyware Protection")
$objIRDataRow.SetField(1,  $v[0])
$objIRDataRow.SetField(2,  $v[1] )

$objIRDataRow = $objIRDataClass.AddRow()
$objIRDataRow.SetField(0, "Proactive Threat Protection")
$objIRDataRow.SetField(1, $b[0] )
$objIRDataRow.SetField(2, $b[1] )
$objIRDataRow = $objIRDataClass.AddRow()
$objIRDataRow.SetField(0, "Network Threat Protection")
$objIRDataRow.SetField(1, $n[0] )
$objIRDataRow.SetField(2, $n[1] )
write-host $nse.sendqueued()