What to put in a script to check anti-virus program healthiness

The sort of checks you might want to put into a “PC Health Check” script to verify anti-virus program health are as follows:

CA eTrust

  1. vet.dat has a recent* modified/created date.
  2. SigCheck is reporting a recent* version of the anti-virus signature file.
  3. PhonHome is reporting that “Phone home successful”
  4. eTrust services are running (at least INORT, INORPC, INOTASK)

McAfee AV client / EPO

  1. avvscan.dat has a recent* modified/created date.
  2. OnAccessScanLog.txt has a recent* modified/created date.
  3. McAfee services are running.

Microsoft Security Essentials

  1. mpavdlta.vdm & mpasdlta.vdm have a recent* modified/created date.
    (Microsoft, bless ‘em, hide these files in a subdirectory which changes with each update, under C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\)
  2. MSE services are running (at least MSMENG)

What’s this about recent?
In a corporate environment, I would define recent as anywhere from 4 to 8 days.  This is because most users turn “their” PCs off on Friday night, and turn the PC back on 3 days later (Monday).  And people do go on holidays for at least a week's duration …
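
The checks above can be scripted along these lines. This is an added example, not code from the original post: the function names are made up for illustration, the 8-day threshold is the upper end of the window suggested above, and the service names and definition path are the ones listed in this post.

```powershell
# Added example: function names and result layout are illustrative assumptions.
$MaxAgeDays = 8   # upper end of the 4 to 8 day "recent" window

function Test-RecentFile {
    param(
        [string]$Root,       # directory to search, including subdirectories
        [string[]]$Names,    # signature/log file names to look for
        [int]$MaxAgeDays
    )
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    foreach ($name in $Names) {
        # Search recursively: the definition files live in a subdirectory
        # that changes with each update, so take the newest copy found.
        $newest = Get-ChildItem -Path $Root -Filter $name -Recurse -File -ErrorAction SilentlyContinue |
                  Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if (-not $newest) {
            [pscustomobject]@{ Check = $name; Healthy = $false; Detail = 'file not found' }
        } else {
            # "modified/created": use whichever timestamp is later.
            $stamp = @($newest.LastWriteTime, $newest.CreationTime) | Sort-Object | Select-Object -Last 1
            [pscustomobject]@{ Check = $name; Healthy = ($stamp -ge $cutoff); Detail = "last changed $stamp" }
        }
    }
}

function Test-ServiceRunning {
    param([string[]]$Names)
    foreach ($name in $Names) {
        # A missing service is reported as unhealthy rather than raising an error.
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $detail = if ($svc) { "status: $($svc.Status)" } else { 'service not installed' }
        $ok = [bool]($svc -and $svc.Status -eq 'Running')
        [pscustomobject]@{ Check = "service $name"; Healthy = $ok; Detail = $detail }
    }
}

$results = @()
# Microsoft Security Essentials definition files (path as given in this post).
$results += Test-RecentFile -Root 'C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates' `
                            -Names 'mpavdlta.vdm', 'mpasdlta.vdm' -MaxAgeDays $MaxAgeDays
# CA eTrust services (names as given in this post).
$results += Test-ServiceRunning -Names 'INORT', 'INORPC', 'INOTASK'

$results | Format-Table -AutoSize
# Non-zero exit code lets a scheduler or monitoring agent flag the machine.
if ($results | Where-Object { -not $_.Healthy }) { exit 1 }
```

The same two functions cover the eTrust and McAfee file checks once the directory holding vet.dat, avvscan.dat or OnAccessScanLog.txt on your machines is passed as `-Root`.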