Hello everyone. Plugin 14835 (Symantec Norton Antivirus Version Detection) does not correctly detect the version. The referenced key (SOFTWARE\Symantec\Symantec AntiVirus\Install) contains 7.50 if you have 7.50, 7.51, 8.0, 8.1, or 9.0. I have 9.0 now and am distributing it and even on machines with SAVCE 9 installed as a new install (not upgraded from earlier SAVCE) it has 7.50. I have found, however, a location that does have the current version but I'm not sure how useful it may be. I don't know nasl so I don't know its capabilities. This is on Windows XP w/SP2: HKLM\SOFTWARE\INTEL\DLLUsage\VP6 I have three keys in there: C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll REG_SZ 9.0.1000 C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll REG_SZ 9.0.1000 C:\Program Files\Symantec AntiVirus\Rtvscan.exe REG_SZ 9.0.1000 There's also another huge set of keys that has a lot more information about SAVCE in: HKLM\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion InstalledProducts REG_DWORD 0x80000026 (2147483686) ProductVersion REG_DWORD 0x03e80385 (65536901) ScanEngineVersion REG_DWORD 0x0102000d (16908301) On a Windows 2000 Server w/SP4 and 8.1 client installed (not Server but installed as a client): (same 7.50 in SAV/Install) HKLM\SOFTWARE\Intel\DLLUsage\VP6: C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan REG_SZ 8.1.825 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll REG_SZ 8.1.825 HLKM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion: InstalledProducts REG_DWORD 0x0000007 (2147483655) ProductVersion REG_DWORD 0x03390321 (54068001) ScanEngineVersion REG_DWORD 0x04020007 (67239943) On a Windows 2000 desktop and 8.0 client installed: HKLM\SOFTWARE\Symantec\Norton AntiVirus NT\Install has 7.50 HKLM\SOFTWARE\INTEL\DLLUsage\VP6 C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll REG_SZ 8.0.9374 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliporoxy.dll REG_SZ 8.0.9374 C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe REG_SZ 8.0.9374 HKLM\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion InstalledProducts REG_DWORD 0x80000007 (2147483655) ProductVersion REG_DWORD 0x249e0320 (614335264) ScanEngineVersion REG_DWORD 0x0401000f (67174415) I don't know how to change this plugin to look in these different areas. One thing that may cause problems with the C: being in the key is if someone installed their Windows on a different drive letter. If anyone would like to fix this plugin and make it useful I (and probably others) would greatly appreciate it. If anyone has further questions about keys, etc., please let me know. --Scott _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Thu Oct 21 2004 - 07:12:36 PDT