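' Script: check_av.vbs
' Author: Matt White
' Version: 1.1
' Date: 01-03-2010
' Details: Check the current definitions for Symantec AntiVirus are within acceptable bounds
' Usage: cscript /nologo check_av.vbs /w:<warning age in days> /c:<critical age in days>
' #########################################################
' Date: 21.12.2016
' Update for check_mk as local check
' Author: Olaf Assmus
' Version 1.2
'
' Output is one line, "<status> Virendefinition - <text>", and the same status
' is used as the process exit code: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN.
'
' Scope of the check: it only reads the definition date stored in the registry
' value DefVersion. Nothing in this script verifies that the antivirus product
' is installed, running or actually using those definitions, so an OK result
' should be read as "the recorded definition date is recent", not as
' "the endpoint is protected".
Option Explicit

Const HKEY_LOCAL_MACHINE = &H80000002
Const ITEM_NAME = "Virendefinition"

Dim ObjShell, ObjProcess, oReg
Dim strKeyPath, strSymantecVer, strCPUArch
Dim intWarnLevel, intCritLevel, intYear, intMonth, intDay, intVer_Major, intDateDifference
Dim dtDefinitions
Dim arrValue

' Print the check_mk local-check line and terminate with the status as exit code.
Sub Report(intStatus, strText)
    WScript.Echo intStatus & " " & ITEM_NAME & " - " & strText
    WScript.Quit intStatus
End Sub

' Return the named argument /<strName>:<n> as an Integer, or intDefault when the
' argument is absent. A value that is not a number in the Integer range ends the
' check as UNKNOWN instead of aborting the script with a runtime error.
Function ReadThreshold(strName, intDefault)
    Dim varRaw
    ReadThreshold = intDefault
    If Not WScript.Arguments.Named.Exists(strName) Then Exit Function
    varRaw = WScript.Arguments.Named(strName)
    If Not IsNumeric(varRaw) Then
        Report 3, "UNKNOWN - Threshold /" & strName & " must be a number of days"
    End If
    If Abs(CDbl(varRaw)) > 32767 Then
        Report 3, "UNKNOWN - Threshold /" & strName & " is out of range"
    End If
    ReadThreshold = CInt(varRaw)
End Function

' Combine two consecutive bytes (low byte first) into one number.
' Arithmetic is used instead of concatenating Hex() strings: Hex() does not
' zero-pad, so a low byte below &H10 behind a non-zero high byte (for example a
' revision of 261 = &H0105) would otherwise be read as &H15.
Function WordAt(arrBytes, intLowIndex)
    WordAt = CLng(arrBytes(intLowIndex + 1)) * 256 + CLng(arrBytes(intLowIndex))
End Function

' Create required objects
Set ObjShell = CreateObject("WScript.Shell")
Set ObjProcess = ObjShell.Environment("Process")

' Parse Arguments to find Warning and Critical Levels (defaults: 2 and 4 days)
intWarnLevel = ReadThreshold("w", 2)
intCritLevel = ReadThreshold("c", 4)

' Determine CPU architecture for correct location of the registry key.
' If neither pattern matches, strKeyPath stays empty and the read below ends
' in the UNKNOWN branch.
' NOTE(review): PROCESSOR_ARCHITECTURE describes the script host process, not
' the operating system - confirm the chosen key is the right one when this is
' run by a 32-bit cscript on 64-bit Windows.
strCPUArch = ObjProcess("PROCESSOR_ARCHITECTURE")
If InStr(1, strCPUArch, "x86") > 0 Then
    strKeyPath = "SOFTWARE\Symantec\SharedDefs\DefWatch"
ElseIf InStr(1, strCPUArch, "64") > 0 Then
    strKeyPath = "SOFTWARE\Wow6432Node\Symantec\SharedDefs\DefWatch"
End If

' Query Registry using WMI to obtain the definition value
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
oReg.GetBinaryValue HKEY_LOCAL_MACHINE, strKeyPath, "DefVersion", arrValue

' If the query doesnt return an array Quit - Unknown
If Not IsArray(arrValue) Then
    Report 3, "UNKNOWN - Unable to read Definitions from the Registry"
End If

' Bytes 0..17 are indexed below; a shorter value would raise
' "Subscript out of range" and leave the monitoring system without a result.
If UBound(arrValue) < 17 Then
    Report 3, "UNKNOWN - DefVersion value in the Registry is shorter than expected"
End If

' Generate output from the registry value.
' Fields are read as little-endian 16-bit words: year at bytes 0-1, month at
' 2-3, day at 6-7 and revision at 16-17.
' NOTE(review): these offsets look like a SYSTEMTIME structure followed by the
' revision - confirm against the product documentation.
intYear = WordAt(arrValue, 0)
intMonth = WordAt(arrValue, 2)
intDay = WordAt(arrValue, 6)
intVer_Major = WordAt(arrValue, 16)
strSymantecVer = intYear & "-" & intMonth & "-" & intDay & " rev. " & intVer_Major

' Build the date from its numeric parts rather than parsing a "y/m/d" string,
' which depends on the regional settings of the account running the check.
' DateSerial silently normalises out-of-range parts (month 13 becomes January
' of the next year), so the result is compared with the inputs to reject a
' value that does not describe a real calendar date.
If intYear < 100 Or intYear > 9999 Then
    Report 3, "UNKNOWN - Definition date in the Registry is not valid: " & strSymantecVer
End If
dtDefinitions = DateSerial(intYear, intMonth, intDay)
If Year(dtDefinitions) <> intYear Or Month(dtDefinitions) <> intMonth Or Day(dtDefinitions) <> intDay Then
    Report 3, "UNKNOWN - Definition date in the Registry is not valid: " & strSymantecVer
End If

intDateDifference = DateDiff("d", dtDefinitions, Date)

' NOTE(review): a definition date in the future gives a negative age, which
' passes the first comparison and is reported as OK. The value comes from a
' registry key that any account with write access to it can change, and a wrong
' system clock has the same effect - consider alerting on a clearly negative age.
If intDateDifference <= intWarnLevel Then
    Report 0, "OK: Virendefinition aktuell " & strSymantecVer & " sie ist " & intDateDifference & " Tage alt."
ElseIf intDateDifference <= intCritLevel Then
    Report 1, "WARNING: Virendefinition aktuell " & strSymantecVer & " sie ist " & intDateDifference & " Tage alt."
Else
    Report 2, "CRITICAL: Virendefinition veraltet " & strSymantecVer & " sie ist " & intDateDifference & " Tage alt."
End If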