The vseutil tool performs the following:
- scan networks and single machines
- read and update registry values (ePolicy Orchestrator)
- copy latest DAT files to target machine in order to keep VSE 8.8.x antivirus updated
- upgrade as well as downgrade DAT files on endpoint machines
- works only with VSE 8.8.x (future versions of vseutil will include every version of VSE)
- keep log files for every action performed by the tool
The vseutil script was developed based on the following article, which describes the steps to manually update VSE 8.8.x DAT files on endpoint machines:
https://kc.mcafee.com/corporate/index?page=content&id=KB51679
vseutil runs on 32-bit as well as 64-bit Windows.
If you are using Python 2.7.x on 64-bit Windows, you will need to download the corresponding Python Windows extensions (pywin32) for this tool to run.
- Visit the following URL to download the latest extensions https://github.com/mhammond/pywin32/releases
This tool is for everyone who wants to keep VSE antivirus signatures updated on endpoints when the McAfee agent is not communicating correctly with McAfee ePO.
- C:\Program Files\Common Files\McAfee\Engine must be shared
- Privileged domain users must have read/write permissions to C:\Program Files\Common Files\McAfee\Engine
- McAfee services McShield and McAfeeFramework must be allowed to be modified on target machines
- Endpoints must allow WMI connections from privileged domain users to manipulate registry values
- Privileged domain users must be able to connect through SMB connections to endpoints that have VSE 8.8.x installed
- Disable UAC on endpoints
As shown in the previous image, this tool can run only when service protection is not enabled in the VSE console. Because we don't want non-privileged users to be able to stop McAfee services, and want only privileged users to be able to modify them, we must add the privileged domain users to the local security policy: open Administrative Tools in the Control Panel, then Local Security Policy, then User Rights Assignment, and select "Act as part of the operating system". The following images show the process.
- Administrative tools --> Local security policy
- Local Security Policy --> User Rights Assignment
- User Rights Assignment --> act as part of the operating system
- act as part of the operating system --> add domain user
- Running the script without arguments gives the following
##### Registry Values:
- DATVersion
- Version
- DatInstallDate
- HotFixVersions
- Uninstall Command
- EngineVersion
- DatDate
- EngineInstallDate
- Install Path
- Installs CMA
- Plugin Flag
- Plugin Path
- Software ID
- McTrayAboutBoxDisplay
- Enforce Flag
- CLSID
- Language
- Product Name
- `-c`: use this option to specify an IP address as well as a range of addresses using CIDR
- `--sf`: use this option to specify the source file that will be copied to the target machine
- `--df`: use this option to specify the destination that the file will be copied to
- `-r`: use this option to specify the registry value you want to review
- `-u`: use this option to specify the username
- `-p`: use this option to specify the password
- `-s`: use this option to specify the first IP address to check
- `-t`: use this option to specify the last IP address to check
- `--out`: use this option to save the output into a log file, e.g. `--out vse.log` or `vse.csv`
- `-d`: use this option if you want to downgrade the DAT version
python pyinstaller.py --onefile vseutil.py
- Update VSE on a range of machines in subnet
vseutil.exe -s from_ip -t to_ip -u DOMAIN\user -p password --sf src_file --df Share_folder_name -r "value"
- Update VSE on a single machine
vseutil.exe -c target_ip -u DOMAIN\user -p password --sf src_file --df Share_folder_name -r "value"
- Update VSE on a range of machines in a subnet using cidr
vseutil.exe -c ip/cidr -u DOMAIN\user -p password --sf src_file --df Share_folder_name -r "value"
- Show registry values on a range of machines in a subnet
vseutil.exe -s from_ip -t to_ip -u DOMAIN\user -p password -r "value"
- Show registry value on a range of machines in a subnet using cidr
vseutil.exe -c ip/cidr -u DOMAIN\user -p password -r "value"
- Show registry value on a single machine
vseutil.exe -c ip -u DOMAIN\user -p password -r "value"
- Execute vseutil.exe and save the output into a file
vseutil.exe -c ip -u DOMAIN\user -p password --sf src_file --df Share_folder_name -r "value" --out vse.log
- Execute vseutil.exe and downgrade the DAT version on endpoints as well as save the output into a log file
vseutil.exe -c ip -u DOMAIN\user -p password --sf src_file --df Share_folder_name -r "value" --out vse.log -d