Endpoint Protection

Expand all | Collapse all

Report on Eraser Engine ver Number

  • 1.  Report on Eraser Engine ver Number

    Posted 01-04-2018 01:46 PM

    I need a report that includes the eraser engine versoin number of my SEP 12 clients to be able to plan for and ensure compatibuility with the MS OOB update. I cant find any built in reports with this info, any pointers on where I should look? I found blogs about how to get it from a client but I need the status of all clients ASAP. thanks! 



  • 2.  RE: Report on Eraser Engine ver Number

    Posted 01-04-2018 01:48 PM

    Doesn't seem to be anything within SEPM to produce such a report.

    Probably need to look to a different third party tool such as SCCM or Altiris. Or Powershell.



  • 3.  RE: Report on Eraser Engine ver Number

    Posted 01-04-2018 02:13 PM

    you can use the wmic to get the information from remote machines

    on local machine:

    wmic datafile where name='c:\\ProgramData\\Symantec\\Symantec Endpoint Protection\\CurrentVersion\\Data\\Definitions\\virusdefs\\Date\\CCERASER.DLL' get version

    remote machines

    wmic /node:"@c:\list.txt" datafile where name='c:\\ProgramData\\Symantec\\Symantec Endpoint Protection\\CurrentVersion\\Data\\Definitions\\virusdefs\\Date\\CCERASER.DLL' get version  >>EraserVersion.CSV

     

    File informations are here

    How to check the version of AV Engine, IPS Engine and Eraser Engine from the client computer

    https://support.symantec.com/en_US/article.TECH95856.html



  • 4.  RE: Report on Eraser Engine ver Number

    Posted 01-04-2018 03:38 PM

    A close approximation can be found by looking at the AV definition set version (1/4/2018 r1 or newer), since the erasure engine is part of that. Not guaranteed that the client loads it properly, but a quick way to be mostly successful.

    Some options:

    Report - Computer Status - Virus Definitions Distributions
       - This will give a high level of how many clients on on what version

    Monitors - Computer Status
       - Export and sort with Excel
    or
       - Advanced - Definition date:
         choose version as appropriate for those with or without the newest applied.



  • 5.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 07:33 AM

    You can see the Eraser engine version from the SEPM console but it will give overview of the whole environment, will not show you specific computer name.

    See attached screenshots.

     



  • 6.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 07:52 AM

    Hello,

    You can fetch by checking which client has definition 04/01/2018 rev.1 

    In case, you have machines with definitions 04/01/2018 rev.1  and above, the machines are installed with Eraser Engine version 117.3.0.358 and above.

    Hope that helps!!



  • 7.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 08:06 AM
      |   view attached

    As I can see, the version of ERASER engine is specified in details for each machine in Monitors -> Computer Status Logs -> details (see attached screenshot). Does anybody knows where this value is stored? Or it is just being calculated from definitions pattern version?

     

     



  • 8.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 10:42 AM
      |   view attached

    You can pull the repot of Eraser version from Reports>ComputerStatus>Protection Content Versions. See attached screenshot.



  • 9.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 10:46 AM

    Hi, the PATTERN table in SEPM DB seems to be the one holding the Eraser engine information.

    This is the query I quickly put together to get some overview:

     

      select COMPUTER_NAME, Computer_Domain_Name, Operation_System, Agent_Version,pa.[PATTERN_TYPE], pa.[Version]

      from  SEM_AGENT  as sa

      JOIN V_SEM_COMPUTER  as comp  ON sa.COMPUTER_ID = comp.COMPUTER_ID

      join [SEM_CONTENT] as sc on sa.Agent_id = sc.agent_id

      join [PATTERN] as pa on sc.[PATTERN_IDX] = pa.[PATTERN_IDX]

      where sa.DELETED <> 1

      and pa.[PATTERN_TYPE] = 'ERASER_ENGINE'



  • 10.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 03:26 PM

    This KB article just went up, which includes a check for SEP 14:

    http://www.symantec.com/docs/TECH95856



  • 11.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 03:56 PM

    Do you have any recommendations as to how to find those clients that are showing old pattern numbers?



  • 12.  RE: Report on Eraser Engine ver Number

    Posted 01-05-2018 04:40 PM

    Mithun Sanghavi - This worked perfectly for me, thank you!

    I ran Reports->Protection Content Versions to get the endpoint totals per pattern, then exported a CSV from Monitors->Computer Status Logs, and filtered out all versions after 04/01/2018. After filtering out the new versions, the number of clients matched up exactly to those of the older patterns, giving me an accurate list of noncompliant systems.



  • 13.  RE: Report on Eraser Engine ver Number

    Posted 01-12-2018 01:24 AM

     

    Yes it works Perfect for me and was help to know the power if it Updated for the Latest Treat Meltdown & Spectre 

    which Affects the older version of Power  

    Question need to know Power is Integated in SEPM 14 Version with with component does it get Installed AV , PTP, NTP 

    because i don't see any option available in the Install package ..

    Awaiting on response thanks

     

    Caption

     



  • 14.  RE: Report on Eraser Engine ver Number

    Posted 01-12-2018 01:27 AM

    Yes it works Perfect for me and was help to know the power ERASER if it Updated for the Latest Treat Meltdown & Spectre 

    which Affects the older version of Power  ERASER

    Question need to know Power ERASER is Integated with SEPM 14 Version with component does it get Installed AV , PTP, NTP  and how the Update Happens

    Does it Happen Automatically Via Defintions or we have to do manually work 

    Because I don't see any option available while creating the Install package ..

    Awaiting on response thanks