How to determine current defs date / time from registry, ini or wmi?

We use Sysinternals’ BGINFO to display various bits of information on our XP & Vista desktops (including boot time, ip, dns, etc) and have configured Windows task scheduler to update BGINFO’s display every hour or so. On our machines that have Symantec AV Corporate Edition and Symantec EndPoint protection enabled, we display the current definition dates that we determine by polling a registry key.

We are attempting to do the same thing with Avast 4.8 Professional, but have not been able to find any registry key, ini file, or wmi lookup that actually has the current definition’s set in a date / time format. Does anyone have any ideas?

Thanks

dcc

Hmmm… I’ve tried to find it in the registry and the avast4.ini file, without success…
Hope someone from Alwil takes a look into it.

I don’t think there’s any such value in registry or .ini (or at least I’m not aware of it). The version/timestamp of the virus database file is (internally) read directly from the 400.vps file.
I guess the closest match would be the value [Info]/LastUpdateTime in \Setup\setup.ini - but it’s not the “label” of the virus database file, but rather the time when the latest VPS was downloaded/installed on the user’s computer.

So it has been 2 3/4 years since I originally asked this question, and I still don’t have an adequate solution. Come on Avast - how difficult would it be to write the current definition version to a registry key, or to a text file (that contains absolutely nothing but the definition version). aswdefs.ini is close to what we need to do this…

dcc

I think this would help you…

Yeah - but unless you write a vb file and distribute it with the BGINFO.BGI definition, then what you end up with is the entire contents of the .ini on the screen (see attached). I want just the date (as shown in the bottom picture)

But what’s the issue??? Why are you staring at that file?
If you want to see … See this

You are missing my point - I want to output the definition version on the Windows desktop with BGINFO, which is automatically refreshed via Windows task scheduler every 1/2 hr on the desktops we manage (and also is in the Startup group so it runs at logon). That way, when we remotely connect to an end user’s desktop, we can very quickly see when the machine was last rebooted, the logged in user’s name, and the current AV definition version, as it is all right there on the desktop, updated sometime within the last 1/2hr.

As a side note, the following VB code will output just the definition version number when used with BGINFO (but won’t run correctly when you use it with cscript.exe unless you add a “wscript.” in front of “Echo(StrData)”).


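Dim ObjFso
Dim StrFileName
Dim ObjFile
Dim StrData
StrFileName = "C:\Program Files\Alwil Software\Avast5\defs\aswdefs.ini"
Set ObjFso = CreateObject("Scripting.FileSystemObject")
Set ObjFile = ObjFso.OpenTextFile(StrFileName)
' Skip the first 22 characters of the file to reach the version value
ObjFile.Skip(22)
' Read the 10 characters that follow
StrData = ObjFile.Read(10)
' Echo is provided by BGINFO; under cscript.exe use WScript.Echo instead
Echo(StrData)
ObjFile.Close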

So you take that code above, stick in a VBS file, and call that as a custom action in BGINFO.

Ashish - you are not familiar with BGINFO, go here: http://technet.microsoft.com/en-us/sysinternals/bb897557

dcc

The definition date is included in the file name, so 11042301 corresponds to the defs of 110423-01 which are for 23/4/2011 (second release - 00 would be first)

Maybe the script could adjust the way the values are interpreted? (not really sure myself…)

I like the idea though :)
May have to borrow it :P

Here you go…

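Dim ObjFso
Dim StrFileName
Dim ObjFile
Dim StrData1
Dim StrData2
StrFileName = "C:\Program Files\Alwil Software\Avast5\defs\aswdefs.ini"
Set ObjFso = CreateObject("Scripting.FileSystemObject")
Set ObjFile = ObjFso.OpenTextFile(StrFileName)
' Skip the first 22 characters of the file to reach the version value
ObjFile.Skip(22)
' First 6 characters are the date part (YYMMDD), next 2 the release number
StrData1 = ObjFile.Read(6)
StrData2 = ObjFile.Read(2)
' Output in the form shown by avast itself, e.g. 110423-01
Echo(StrData1 & "-" & StrData2)
ObjFile.Close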

BGINFO configuration and output screen snapshot looks like the pictures in the posts below.

dcc
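
Following the YYMMDD-NN reading of the value discussed above, an added example (not code from any poster in this thread) that searches for the eight-digit label instead of relying on the fixed 22-character offset, converts it to a calendar date, and marks old definitions on the desktop. The 20YY century, the 7-day MAX_AGE_DAYS threshold and the helper names are assumptions; the file path is the one used in the thread.

```vbscript
' Added example: show the Avast defs label with its date and age.
Const DEFS_FILE = "C:\Program Files\Alwil Software\Avast5\defs\aswdefs.ini"
Const MAX_AGE_DAYS = 7   ' assumed staleness threshold, adjust to policy
' To try the parser off-box, call DescribeDefs on a constructed sample
' (layout assumed), for example: "[Definitions]" & vbCrLf & "Latest=11042301"

Function ReadDefsText()
    Dim fso, f
    ReadDefsText = ""    ' a missing file is reported, never guessed at
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(DEFS_FILE) Then
        Set f = fso.OpenTextFile(DEFS_FILE)
        If Not f.AtEndOfStream Then ReadDefsText = f.ReadAll
        f.Close
    End If
End Function

Function DescribeDefs(iniText)
    Dim re, hits, p, mm, dd, d, age
    Set re = New RegExp
    re.Pattern = "(\d{2})(\d{2})(\d{2})(\d{2})"   ' YY MM DD release
    Set hits = re.Execute(iniText)
    If hits.Count = 0 Then
        DescribeDefs = "DEFS UNKNOWN"
        Exit Function
    End If
    Set p = hits(0).SubMatches
    mm = CInt(p(1)) : dd = CInt(p(2))
    d = DateSerial(2000 + CInt(p(0)), mm, dd)     ' assumes 20YY
    ' DateSerial rolls invalid dates over, so compare the parts back
    If Month(d) <> mm Or Day(d) <> dd Then
        DescribeDefs = "DEFS UNPARSEABLE: " & hits(0).Value
        Exit Function
    End If
    age = DateDiff("d", d, Date)
    DescribeDefs = p(0) & p(1) & p(2) & "-" & p(3) & " (" & Year(d) & "-" & _
        Right("0" & mm, 2) & "-" & Right("0" & dd, 2) & ", " & age & " days old)"
    If age > MAX_AGE_DAYS Then DescribeDefs = DescribeDefs & " STALE"
End Function

Sub Emit(text)
    On Error Resume Next
    WScript.Echo text            ' works under cscript.exe / wscript.exe
    If Err.Number <> 0 Then      ' no WScript object: running inside BGINFO
        Err.Clear
        Echo text
    End If
End Sub

Emit DescribeDefs(ReadDefsText())
```

Because a missing or unreadable file shows up as "DEFS UNKNOWN" rather than a blank field, a desktop where the defs file has disappeared stands out during a remote session.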

I forgot to mention - we use Scriptlogic’s Desktop Authority to push all the necessary files at each domain login to ensure this stays running, just in case the end users figure out how to mess with the settings. The necessary files are BGINFO.EXE, BGINFO.BGI, and the vbs files. These files go to C:\Windows, and Desktop Authority also recreates the shortcut in the Startup group at every login (in case the end user has messed with it too).

The shortcut launches: “C:\Windows\BGINFO.exe C:\Windows\BGINFO.bgi /timer:0 /nolicprompt”

dcc

That gives the defs value, as shown in avast itself. Is that what you wanted?

Yes - that is exactly what I want, except I wanted it without having to utilize VB to parse the aswdefs.ini. The last time I tried this was a year or two ago when Avast 5 first came out. The VB script I had then caused BGINFO.exe to hang, so I gave up on it. I decided to have another look at it today after I initially posted if anything had been updated, and managed to figure it out. It still isn’t ideal (having to utilize a VB script), but it will work.

We also use Symantec Corporate Edition (10.2.4) and Symantec Endpoint Protection (11.0.6 MR2) at a lot of client sites, and for them we are able to pull the current definition files directly from the registry without having to deal with VB.

Basically, if you have a look at the last picture I posted prior to this post, you’ll see what the output on my desktop looks like. This is what we want when we connect to a remote end user machine (we also usually show their DNS & DHCP servers there too). This usually saves us a bunch of time in remote troubleshooting by being able to see all that info right there. How many times has an end user told you they rebooted their machine, only to find out after lots of troubleshooting they didn’t actually reboot it? This allows us to very quickly see the status of the machines (including the antivirus definition dates), independent of what the end user tells you.

dcc