HOW TO: Collect Custom Inventory for SEP 12.x definitions in ITMS 7.6 or 8.x

book

Article ID: 169635

calendar_today

Updated On:

Products

Endpoint Encryption Inventory Solution

Issue/Introduction

The Symantec Endpoint Protection Integration Component (SEPIC) is no longer included from ITMS 7.6 and newer. 

The version of the SEP agent is still collected in the standard inventory but the details of the SEP agent virus definition files and revisions are not. 

For those who require it, the enclosed PowerShell script can be deployed to collect this information via custom inventory. 

Cause

SEPIC is no longer supported, see http://www.symantec.com/docs/TECH235017

Environment

ITMS 7.6 environments with SEP 12.x clients, who require inventory details in ITMS regarding SEP virus definitions. 

Resolution

The PowerShell script below can be used as a basis for collecting custom inventory for the virus definition data. Please note that: 

  1. The script is provided as is, with no additional support from Symantec
  2. You will need to replace the GUID highlighted in the script below, with the GUID of your custom data class
  3. For further guidance on creating custom inventory please see http://www.symantec.com/docs/HOWTO10487
  4. The script will collect, definition dates and revisions on SEP 12.x (other versions not tested) for:
  • Virus and spyware protection
  • Proactive threat protection
  • Network threat protection

‚Äč

# SEP Definition Dates and Revision Number Extracted from Registry
# Symantec UK
# v 1.0
#
# Tested on SEP 12.x
 
 
 
  #-------- Please don't modify begin -----------
  #Create instance of Altiris NSE component
  $nse = New-Object -ComObject  Altiris.AeXNSEvent
 
# Set the header data of the NSE
  $nse.To = "{50FBF1F5-17C5-47f1-92A8-D800B2515535}"
  $nse.Priority = 1
 
  $objIRInstance = $nse.AddDataClass('{0372ea14-a0ed-443f-af96-4b32ab3b827a}')
  $objIRDataClass = $nse.AddDataBlock($objIRInstance)
 
 
#  ' -------- Please don't modify end ------------
 
# Gets the date and revision from the reg path
# $v stores definition date and revision for virus and spyware protection
# $b stores definition date and revision for proactive threat protection
# $n stores definition date and revision for network threat protection
 
IF (Test-Path 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\')
  {
     $v = Get-ItemProperty  'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\' -Name SRTSP
     $v = $v.SRTSP
     $v = $v.Substring($v.LastIndexOf('\')+1)
     $v = $v.Split('.')
     $v[0] = [datetime]::ParseExact($v[0],'yyyyMMdd', $null
  }
ELSE
  {
     $v[0]= 0
     $v[1]= 0
  }
 
IF (Test-Path 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\BASHDefs\')
  {
     $b = Get-ItemProperty  'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\BASHDefs\' -Name BASH
     $b = $b.BASH
     $b = $b.Substring($b.LastIndexOf('\')+1)
     $b = $b.Split('.')
     $b[0] = [datetime]::ParseExact($b[0],'yyyyMMdd', $null
  }
ELSE
  {
     $b[0]= 0
     $b[1]= 0
  }
 
 
IF (Test-Path 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\IPSDefs\')
  {
     $n = Get-ItemProperty  'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\IPSDefs\' -Name'Internet Security'
     $n = $n.'Internet Security'
     $n = $n.Substring($n.LastIndexOf('\')+1)
     $n = $n.Split('.')
     $n[0] = [datetime]::ParseExact($n[0],'yyyyMMdd', $null)
  }
  ELSE
  {
     $n[0]= 0
     $n[1]= 0
  }
 
 
$objIRDataRow = $objIRDataClass.AddRow()
$objIRDataRow.SetField(0, "Virus and Spyware Protection")
$objIRDataRow.SetField(1,  $v[0])
$objIRDataRow.SetField(2,  $v[1] )

$objIRDataRow = $objIRDataClass.AddRow()
$objIRDataRow.SetField(0, "Proactive Threat Protection")
$objIRDataRow.SetField(1, $b[0] )
$objIRDataRow.SetField(2, $b[1] )
   
 
$objIRDataRow = $objIRDataClass.AddRow()
$objIRDataRow.SetField(0, "Network Threat Protection")
$objIRDataRow.SetField(1, $n[0] )
$objIRDataRow.SetField(2, $n[1] )
 
$objIRDataRow
 
write-host $nse.sendqueued()