Symantec

PowerShell Script to Check Symantec Endpoint Protection Definition Updates

Symantec Endpoint Protection holds a sizeable share of the anti-virus market. Many people work in environments where it is deployed but are not its administrators, or cannot even view data from the Symantec Endpoint Protection Manager. With that in mind, I’ve written a PowerShell script that checks the last update time of the SEP definitions and can either be run manually or set up as a scheduled task. It does four things:

# Check whether Symantec Endpoint Protection is installed. If not, exit.
# Check the last write date of the AV definitions and compare it to a variable set to the current time minus 7 days.
# Write to the event log whether the definitions are current or not.
# Send an email if the definitions are out of date.

*Things to Note*

  • As it stands, each branch of the “$writetime” comparison contains a “Write-Host”. If you plan on running this as a scheduled task you’ll want to remove or comment out those lines.
  • I will also be writing this as a SCOM management pack, and an SCCM Compliance Item.

###################################################################
## Check Symantec Endpoint Protection Antivirus Definition Dates ##
## v1.1                                                          ##
## Matt Hansen // 01-06-2017                                     ##
###################################################################

#Set Variables
$hostname = hostname
$7daysago = (Get-Date).AddDays(-7)
$key = 'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs'

#Test for registry key path and execute if necessary
if (Test-Path -Path $key)
{
    #DEFWATCH_10 holds the folder of the currently active definition set
    $path = (Get-ItemProperty -Path $key -Name DEFWATCH_10).DEFWATCH_10
    $writetime = [datetime](Get-ItemProperty -Path $path -Name LastWriteTime).LastWriteTime
    #Write-Host "7 days ago was $7daysago. Defs were last written at $writetime"

    #Write-EventLog requires the event source to already be registered in the
    #Application log; this assumes SEP has registered "Symantec Antivirus"
    if ($writetime -lt $7daysago)
    {
        Write-Host "You have old defs"
        Write-EventLog -LogName "Application" -Source "Symantec Antivirus" -EventId 7076 -EntryType "Warning" -Message "Symantec Definitions are older than 7 days. Last update time was $writetime"
        $notify = "yes"
    }
    else
    {
        Write-Host "You have current defs"
        Write-EventLog -LogName "Application" -Source "Symantec Antivirus" -EventId 7077 -EntryType "Information" -Message "Symantec Definitions are current within 7 days. Last update time was $writetime"
        $notify = "no"
    }

    #Email Notify
    if ($notify -eq "yes")
    {
        $param = @{
            SmtpServer = "smtpserver.company.local"   # hostname of your SMTP relay
            Port       = 25
            UseSsl     = $false
            #Credential = (Get-Credential)             # uncomment if the relay requires authentication
            From       = "SymantecDefChecks@company.local"
            To         = "administrator@company.local"
            Subject    = "Symantec Definitions Out-of-Date on $hostname"
            Body       = "Symantec Definitions are older than 7 days. Last update time was $writetime on $hostname"
        }
        Send-MailMessage @param
        #Write-Host "Email Sent"
    }
}
Else { Write-Host "Not installed" }
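As an added example (not part of the original post), here is the same registry-based check wrapped as a function that returns a single status string, which is the shape an SCCM Configuration Item discovery script expects; the compliance rule then compares the output against "Compliant". The function name, the -MaxAgeDays parameter and the NotInstalled/Unknown/NonCompliant/Compliant values are my own choices, not anything Symantec or SCCM defines, and the registry path is the one from the script above.

```powershell
# Added example: SEP definition-age check as an SCCM CI discovery script.
# Unlike the scheduled-task script, it never throws: a missing key, a missing
# DEFWATCH_10 value or a vanished definition folder become explicit results.
function Get-SepDefinitionCompliance {
    [CmdletBinding()]
    param(
        # Assumed parameter: definitions older than this many days are non-compliant
        [int]$MaxAgeDays = 7,
        # Same SharedDefs key the original script reads (64-bit Windows, Wow6432Node)
        [string]$RegistryKey = 'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion\SharedDefs'
    )

    # No SharedDefs key means SEP is not installed. Report that explicitly
    # rather than silently counting the host as compliant.
    if (-not (Test-Path -Path $RegistryKey)) {
        return 'NotInstalled'
    }

    # DEFWATCH_10 holds the folder of the active definition set. Guard against the
    # value being absent or pointing at a folder that no longer exists.
    $defPath = (Get-ItemProperty -Path $RegistryKey -Name DEFWATCH_10 -ErrorAction SilentlyContinue).DEFWATCH_10
    if ([string]::IsNullOrEmpty($defPath) -or -not (Test-Path -Path $defPath)) {
        return 'Unknown'
    }

    # Same comparison as the original script: folder last-write time versus
    # "now minus N days".
    $lastWrite = (Get-Item -Path $defPath).LastWriteTime
    $cutoff    = (Get-Date).AddDays(-$MaxAgeDays)

    if ($lastWrite -lt $cutoff) {
        return 'NonCompliant'
    }
    return 'Compliant'
}

# A discovery script must emit exactly one value for the CI rule to evaluate.
Get-SepDefinitionCompliance
```

In the Configuration Item, set the rule to "Equals" with the value Compliant; NotInstalled and Unknown then surface as non-compliant hosts that need a look rather than disappearing into the compliant count.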

I hope this makes your day at least a little bit easier.

Thanks,

Symantec Backup Completed with Exceptions oem13.inf

(Screenshot: JobStatus_Exception)

I recently ran into this error in a backup job running on Symantec Backup Exec 2010 R2. The job was not failing, but it was “Completing with Exceptions”. When I looked at the job log I found the errors shown above and below.

(Screenshot: not_present)

Some research turned up that with this version of Backup Exec (13.0) backing up this version of Windows (2008 R2), the VSS looks for the two files even though they are not there, then fails and reports that they were not included in the backup.

Fantastic. Easy fix. There are two ways to do this. The first is to go into “C:\Windows\INF\”, create a blank text file named oem13.inf, and then another named oem14.inf. The operating system will never use them, but they will quiet the unwarranted errors in Backup Exec.

The other way to remedy this is to exclude the two files from the backup selection.

(Screenshot: 13inf)

Launch the Backup Exec console, find your job in “Job Monitor” and edit the include/exclude list under Source –> Selections. Add the path “C:\Windows\INF” and the file “OEM13.INF”, then do the same for “OEM14.INF”, as shown above.

All things considered, a very easy fix. I prefer the second option so that you’re not cluttering critical areas of the file system.

Hope I’ve made your day a little easier!