Steps for Running the Script

  • Download the script here.
  • Identify a computer from which all the computers the script will query are reachable.
  • Create a folder with the name C:\SymantecCheck on the computer.
  • Unzip/decompress the script files to the C:\SymantecCheck folder.
  • Edit computers.txt in Notepad and enter the names of the computers for which you want to retrieve the TimeOfLastScan, TimeOfLastVirus and PatternFileDate values. The format of Computers.TXT should look like the following:
Symantec AntiVirus Screenshot #2
  • Go to the command prompt and run the C:\SymantecCheck\GetSymantecValues.CMD script.
  • The script will then run for all the computers listed in the computers.txt file, as shown in the screenshot below:
Symantec AntiVirus Screenshot #3
  • Once the script is finished, a report file with the name SymantecReport.CSV is generated, as displayed in the screenshot below:
Symantec AntiVirus Screenshot #4

As shown in the report above, it also lists the Product Version installed on each computer. The values returned, other than the product version, are in hexadecimal format. You must convert these values to decimal to know the actual date and time. This is explained in the last part of this article.

Checking the Script Log

The script also creates a log file with the name ProcessingLog.LOG in the same directory. For any computer on which the script fails to run, information about the failure is written to the log file, as shown in the screenshot below:

Symantec AntiVirus Screenshot #5

If you don't see any values for a specific computer, check the log file to make sure the computer was reachable when the script ran for that computer. The registry values returned from the remote computers are written to the log file before they are appended to the report file (CSV).

Converting Hexadecimal Values to Actual Date and Time

Once the values are available in the Hexadecimal format for all the computers, you need to use the below link provided by Symantec to convert these values to a human-readable format:


For example, the value shown for the TimeOfLastScan registry entry is "2B040804056000." The first octet (two hexadecimal digits), "2B," is the year, "04" is the month, and "08" is the day. The remaining octets are the time. This is also shown in the screenshot below, taken from a Symantec client for the registry entry TimeOfLastScan.

Symantec AntiVirus Screenshot #6

In the above screenshot, 2B is converted to 43, which is year 2013 based on the calculation shown at the Symantec link mentioned above. 04 is the month. Converting 04 into decimal gives the same value (i.e., 04).

You can either use the HexToDec function in Microsoft Excel or Windows Calculator to convert these octets to decimal.
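The octet-by-octet conversion described above can also be scripted over the whole report. The following PowerShell is an added example, not part of the author's script; the function name, the CSV header names and the sample rows are assumptions, and the year is computed as 1970 plus the first octet, which matches the article's 2B → 43 → 2013.

```powershell
# Added example. Assumptions: year = 1970 + first octet (consistent with the
# article's 2B -> 43 -> 2013), and the CSV header names used below.
function Convert-SavHexValue {
    param([string]$Hex)

    $clean = $Hex -replace '[\s"]', ''
    # An unreachable computer leaves the field empty; return nothing for it.
    if ($clean -eq '') { return $null }
    if ($clean -notmatch '^([0-9a-f]{2}){3,}$') {
        throw "Expected at least three hex octets, got '$Hex'"
    }
    # Split the string into octets and convert each one from base 16.
    $octets = @(for ($i = 0; $i -lt $clean.Length; $i += 2) {
        [Convert]::ToInt32($clean.Substring($i, 2), 16)
    })
    [pscustomobject]@{
        Year  = 1970 + $octets[0]
        Month = $octets[1]   # raw decimal octet, as read in the article
        Day   = $octets[2]
        Time  = @($octets | Select-Object -Skip 3) -join ' '  # remaining octets, decimal
    }
}

# Constructed sample report; PC02 has empty values, as for an unreachable host.
$report = @'
Computer,TimeOfLastScan,PatternFileDate
PC01,2B040804056000,2B040700000000
PC02,,
'@ | ConvertFrom-Csv

foreach ($row in $report) {
    foreach ($name in 'TimeOfLastScan', 'PatternFileDate') {
        $v = Convert-SavHexValue $row.$name
        [pscustomobject]@{
            Computer = $row.Computer
            Value    = $name
            Year     = $v.Year
            Month    = $v.Month
            Day      = $v.Day
            Time     = $v.Time
        }
    }
}
```

Rows with empty Year, Month and Day columns correspond to computers that returned no registry values, which is the case ProcessingLog.LOG is meant to explain.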

We hope you find this script useful. If you run into any issues with the script, feel free to drop me an email or post a comment here.

Nirmal Sharma is an MCSEx3, MCITP and Microsoft MVP in Directory Services. He has specialized in Microsoft Technologies since 1994 and has followed the progression of Microsoft Operating System and software. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Solution IDs for www.Dynamic-SpotAction.com. Nirmal can be reached at nirmal_sharma@mvps.org.


This article was originally published on February 11, 2014