Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1323 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Audit the version of Sophos

iBog
Is there a way to query a remote system to determine:

1. What version of Sophos is installed
2. What version/date the signature is
3. That Sophos is active and running

I would prefer to create a script to determine this. Are there any registry values I can look for?
:10871


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    I assume these machines are unmanaged, and therefore querying the SEC database is out?

    I posted the following:

    /search?q= 7803

    which will get you at the information locally. Maybe this could write out some keys you could then query?

    The other option at least for the version is to go after the uninstall hive,e.g.:
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Microsoft\Windows\CurrentVersion\Uninstall\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}\DisplayVersion

    Where:
    {9ACB414D-9347-40B6-A453-5EFB2DB59DFA} is the GUID of SAV.


    Hope this offers something.

    Regards,

    Jak

    :10889
Reply
  • 0

    Hi,

    I assume these machines are unmanaged, and therefore querying the SEC database is out?

    I posted the following:

    /search?q= 7803

    which will get you at the information locally. Maybe this could write out some keys you could then query?

    The other option at least for the version is to go after the uninstall hive,e.g.:
    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Microsoft\Windows\CurrentVersion\Uninstall\{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}\DisplayVersion

    Where:
    {9ACB414D-9347-40B6-A453-5EFB2DB59DFA} is the GUID of SAV.


    Hope this offers something.

    Regards,

    Jak

    :10889
Children
No Data