You would like to check the version of the Extended File Attributes signatures on the SEP client. However there is no column in the Computer Status Log (obtained from the SEPM Monitoring tab) that allows verification of the applied versions of Extended File Attributes and Signatures. A method for checking this information is needed.

Release: 14.x

While most definitions applied to the Symantec Endpoint Protection (SEP) client are viewable after the client uploads its applied definition revision to SEPM, the definition revision for Extended File Attributes and Signatures is not included in the definition information uploaded to SEPM. Therefore, the definition revision cannot be confirmed from the SEPM console or database.

The registry value on the client contains the information about the applied definition.

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs\EfaVTDefs

Registry value: SymEFA

Value: The path contains the applied definition date and revision.