Determine FCS Client State from Script

Occasionally, when I talk with FCS customers, they are interested in determining the state or health of an FCS client in a script. This script might be used for a computer login script, VPN access script, or network quarantining solution (not NAP, for which FCS already has a plugin). A few customers would like to see the information that is typically shown in the FCS user interface (UI) when the FCS UI is restricted via policy.

The sample below uses several of the registry keys described in the FCS documentation to output information similar to what is presented in the FCS Home and Help>About UI.

Microsoft Forefront Client Security version:  1.5.1973.0
Engine version:  1.1.5605.0
Antivirus Definition:  Version 1.79.1025.0 created on 4/2/2010 4:26:40 AM
Antispyware Definition:  Version 1.79.1025.0 created on 4/2/2010 4:26:41 AM
Last scan:  4/2/2010 4:00:01 AM (Quick Scan)

This script was written so that it could be easily extended and plugged into other solutions or have your business logic applied. For example, you can easily determine whether a scan has been run today or whether definitions were updated this week by adding a line or two:

WScript.echo "Scanned today? : " & CBool(DateDiff("d",LastScanTime,Now)<=1)
WScript.echo "Updated definitions this week? : " & CBool(DateDiff("d",AV_BuildDate,Now)<=7)

As the disclaimer says, the sample itself is not supported by Microsoft, but I hope that you find it useful.

 

' 2010 Microsoft Corporation. All rights reserved.
' This sample script is not supported under any Microsoft standard support program or service. The sample script is provided AS IS without warranty of any kind.
' Microsoft disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose.
' The entire risk arising out of the use or performance of the sample script remains with you.
' In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever
' (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out
' of the use of or inability to use the sample script, even if Microsoft has been advised of the possibility of such damages.

Option Explicit

Const FCS_REGKEY_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM"

Dim SCAN_KEY, SIGNATUREUPDATES_KEY
Dim AV_VERSION_VALUE, AS_VERSION_VALUE, ENGINE_VERSION_VALUE, AV_DATE, AS_DATE
Dim LAST_SCAN_TIME, LAST_SCAN_TYPE, INSTALL_PATH_VALUE

' Registry keys and values read by the script
SCAN_KEY             = FCS_REGKEY_ROOT & "\Scan"
SIGNATUREUPDATES_KEY = FCS_REGKEY_ROOT & "\Signature Updates"
INSTALL_PATH_VALUE   = FCS_REGKEY_ROOT & "\InstallLocation"
AV_VERSION_VALUE     = SIGNATUREUPDATES_KEY & "\AVSignatureVersion"
AS_VERSION_VALUE     = SIGNATUREUPDATES_KEY & "\ASSignatureVersion"
ENGINE_VERSION_VALUE = SIGNATUREUPDATES_KEY & "\EngineVersion"
AV_DATE              = SIGNATUREUPDATES_KEY & "\AVSignatureApplied"
AS_DATE              = SIGNATUREUPDATES_KEY & "\ASSignatureApplied"
LAST_SCAN_TIME       = SCAN_KEY & "\LastScanRun"
LAST_SCAN_TYPE       = SCAN_KEY & "\LastScanType"

'************ MAIN ************
Dim AV_Version, AS_Version, EngineVersion, ProductVersion
Dim AV_BuildDate, AS_BuildDate, LastScanTime, LastScanType
Dim objShell
Set objShell = CreateObject("WScript.Shell")

'============ Get current info ============
AV_Version     = objShell.RegRead(AV_VERSION_VALUE)
AS_Version     = objShell.RegRead(AS_VERSION_VALUE)
EngineVersion  = objShell.RegRead(ENGINE_VERSION_VALUE)
AV_BuildDate   = BinaryToDate( objShell.RegRead(AV_DATE) )
AS_BuildDate   = BinaryToDate( objShell.RegRead(AS_DATE) )
ProductVersion = GetProductVersion(INSTALL_PATH_VALUE)
LastScanTime   = BinaryToDate( objShell.RegRead(LAST_SCAN_TIME) )
LastScanType   = GetScanType( objShell.RegRead(LAST_SCAN_TYPE) )

'============ Display summary info ============
WScript.echo "Microsoft Forefront Client Security version:  " & ProductVersion
WScript.echo "Engine version:  " & EngineVersion
WScript.echo "Antivirus Definition:  Version " & AV_Version & " created on " & AV_BuildDate
WScript.echo "Antispyware Definition:  Version " & AS_Version & " created on " & AS_BuildDate
WScript.echo "Last scan:  " & LastScanTime & " (" & LastScanType & ")"
'************ END MAIN ************

'===============================================================
'Function BinaryToDate will convert a binary DATE_TIME structure into a Variant date set to the local time
'  Parameter: bArray - a VARIANT array of bytes
'  Return: a VARIANT date
Function BinaryToDate(bArray)
    Dim Seconds, Days, dateTime
    Set dateTime = CreateObject("WbemScripting.SWbemDateTime")
    ' The 8 bytes are a little-endian count of 100-nanosecond intervals since January 1, 1601 (UTC)
    Seconds = bArray(7)*(2^56) + bArray(6)*(2^48) + bArray(5)*(2^40) + bArray(4)*(2^32) _
            + bArray(3)*(2^24) + bArray(2)*(2^16) + bArray(1)*(2^8) + bArray(0)
    Days = Seconds/(1E7*86400)
    ' Load the value as UTC, then read it back as local time
    dateTime.SetVarDate CDate(DateSerial(1601, 1, 1) + Days), false
    BinaryToDate = dateTime.GetVarDate()
End Function

'===============================================================
'Function GetProductVersion will query a registry key for the file location and then return the version from the filesystem
'  Parameter: regPath - path to the registry value pointing to the installation location
'  Return: a VARIANT string containing the product version
Function GetProductVersion(regPath)
    Const FILE_TO_CHECK = "\msmpeng.exe"
    Dim strFilePath, objFSO
    strFilePath = objShell.RegRead(regPath) & FILE_TO_CHECK
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    GetProductVersion = objFSO.GetFileVersion(strFilePath)
    Set objFSO = Nothing
End Function

'===============================================================
'Function GetScanType will return a string with the scan type that corresponds to the enum
'  Parameter: iScanType - type of scan
'  Return: a VARIANT string containing text type of scan
Function GetScanType(iScanType)
    Select Case iScanType
        Case 1 : GetScanType = "Quick Scan"
        Case 2 : GetScanType = "Full Scan"
        Case Else : GetScanType = "Invalid Scan type"
    End Select
End Function
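
As an added example (not part of the original sample and not Microsoft's code), the stand-alone script below turns the same registry values into an exit code that a login, VPN access, or quarantine script can act on. The thresholds, exit codes, and function names are assumptions; any value that is missing or cannot be decoded is reported as unknown rather than healthy.

```vbscript
' Added example, not part of the original sample. Thresholds, exit codes and names are assumptions.
Option Explicit
Const AM_ROOT = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM"
Const MAX_DEF_AGE_HOURS = 168   ' assumed policy: definitions applied within 7 days
Const MAX_SCAN_AGE_HOURS = 24   ' assumed policy: a scan within the last 24 hours
Const EXIT_HEALTHY = 0          ' assumed exit codes for the calling script
Const EXIT_STALE = 1
Const EXIT_UNKNOWN = 2
Dim objShell : Set objShell = CreateObject("WScript.Shell")
WScript.Quit CheckFcsHealth()

Function CheckFcsHealth()
    Dim avAge, asAge, scanAge
    avAge   = AgeInHours(AM_ROOT & "\Signature Updates\AVSignatureApplied")
    asAge   = AgeInHours(AM_ROOT & "\Signature Updates\ASSignatureApplied")
    scanAge = AgeInHours(AM_ROOT & "\Scan\LastScanRun")
    If IsEmpty(avAge) Or IsEmpty(asAge) Or IsEmpty(scanAge) Then
        ' Missing or malformed values (client absent, never updated or scanned): fail closed
        CheckFcsHealth = EXIT_UNKNOWN
    ElseIf IsFresh(avAge, MAX_DEF_AGE_HOURS) And IsFresh(asAge, MAX_DEF_AGE_HOURS) _
           And IsFresh(scanAge, MAX_SCAN_AGE_HOURS) Then
        CheckFcsHealth = EXIT_HEALTHY
    Else
        CheckFcsHealth = EXIT_STALE
    End If
End Function

' A negative age means a timestamp in the future, which is not accepted as fresh.
Function IsFresh(ageHours, maxHours)
    IsFresh = (ageHours >= 0 And ageHours <= maxHours)
End Function

' Hours since the 8-byte timestamp stored at regValue; the result stays Empty on any failure.
Function AgeInHours(regValue)
    Dim raw, ticks, i, dt, localTime
    On Error Resume Next            ' RegRead raises an error when the value does not exist
    raw = objShell.RegRead(regValue)
    If Err.Number <> 0 Then Exit Function
    If Not IsArray(raw) Then Exit Function
    If UBound(raw) <> 7 Then Exit Function
    ticks = 0
    For i = 7 To 0 Step -1          ' little-endian count of 100 ns ticks since 1601-01-01 UTC
        ticks = ticks * 256 + raw(i)
    Next
    Set dt = CreateObject("WbemScripting.SWbemDateTime")
    dt.SetVarDate CDate(DateSerial(1601, 1, 1) + ticks / (1E7 * 86400)), False
    localTime = dt.GetVarDate(True)
    If Err.Number = 0 Then AgeInHours = DateDiff("h", localTime, Now)
End Function
```

Comparing in hours gives a rolling window, whereas DateDiff("d", ...) counts midnights crossed, so a "<= 1" day test also accepts any time yesterday.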

 

 