PDQ Inventory Collection: Find computer with McAfee datdate older then X days
Hi I would love some help from the community with this one.
We are running McAfee Antivirus. The software version stays the same unless there is a major update. When there is a new antivirus signature the value "AVDatDate" in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\McAfee\AVEngine is updated. For today the value is "2018/09/25"
I have included the registry path in the default scanner profile and can see that is populated with correct value. Now here comes the tricky part that i have not solved and hope someone could help me with.
I want to have an collection that compares the DatDate with todays date. If it's not the same / or older / or older than x days i want to see those computers. I don't want to set an variable everyday this should be automatic.
I thought that the builtin variables could help me since there is a $(Date) variable. But that variable is written 2018-09-25 and the DatDate is written 2018/09/25 . I have tried but could make this work. If there where a $(Date/) variable that used "/" instead of "-" for formating the date i believe it would work.
All help is appreciated BR
Comments
If you are running McAfee AV in an enterprise environment, is there a reason you are not using EPO ? Does your McAfee AV utilize McAfee agent for updating AV signature ? If it does, it would be a lot easier to setup a scheduled task to run "CmdAgent.exe /c" daily.
https://kc.mcafee.com/corporate/index?page=content&id=KB52707
I think I ran into that a few years ago on something I was doing.
Changing the systems date format changed the $(Date) variable that PDQ saw to the same format.
Kind of a hack workaround, but it functioned. Hope that helps.