The sort of checks you might want to put into a “PC Health Check” script for anti-virus program health are as follows:
- vet.dat has a recent* modified/created date.
- SigCheck is reporting a recent* version of the anti-virus signature file.
- PhonHome is reporting that “Phone home successful”
- eTrust services are running (at least INORT, INORPC, INOTASK)
McAfee AV client / EPO
- avvscan.dat has a recent* modified/created date.
- OnAccessScanLog.txt has a recent* modified/created date.
- McAfee services are running.
Microsoft Security Essentials
- mpavdlta.vdm & mpasdlta.vdm have recent* modified/created date.
(Microsoft, bless ‘em, hide these files in a subdirectory which changes with each update, under C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\)
- MSE services are running (at least MSMENG)
What’s this about recent?
In a corporate environment, I would define recent as anywhere from 4 to 8 days. This is because most users turn “their” PCs off on Friday night, and turn the PC back on 3 days later (Monday). And people do go on holidays for at least a week's duration …
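
The Microsoft Security Essentials checks above, sketched in PowerShell as an added example (not the original author's script). The function names and the 8-day threshold (the upper end of the "recent" window) are assumptions; the recursive search handles the definition subdirectory whose name changes with each update.

```powershell
# Added example. Function names and $MaxAgeDays are assumptions, not from the post.
$MaxAgeDays = 8   # upper end of the 4 to 8 day "recent" window

function Test-RecentFile {
    param([string]$Root, [string]$Name, [int]$MaxAgeDays)
    # -Recurse finds the file even though its parent folder is renamed on every update;
    # -Force includes hidden items.
    $newest = Get-ChildItem -Path $Root -Filter $Name -Recurse -File -Force -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $newest) {
        return [pscustomobject]@{ Check = "file:$Name"; Healthy = $false; Detail = "not found under $Root" }
    }
    # Take the later of created/modified, since either date counts as evidence of an update.
    $stamp = @($newest.LastWriteTime, $newest.CreationTime) | Sort-Object | Select-Object -Last 1
    $age = [math]::Round(((Get-Date) - $stamp).TotalDays, 1)
    [pscustomobject]@{ Check = "file:$Name"; Healthy = ($age -le $MaxAgeDays); Detail = "$age days old" }
}

function Test-ServiceRunning {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # A missing service is a failure, not a skip: the AV may have been uninstalled.
        return [pscustomobject]@{ Check = "service:$Name"; Healthy = $false; Detail = 'not installed' }
    }
    [pscustomobject]@{ Check = "service:$Name"; Healthy = ($svc.Status -eq 'Running'); Detail = [string]$svc.Status }
}

$mseRoot = 'C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates'
$results = @(
    Test-RecentFile -Root $mseRoot -Name 'mpavdlta.vdm' -MaxAgeDays $MaxAgeDays
    Test-RecentFile -Root $mseRoot -Name 'mpasdlta.vdm' -MaxAgeDays $MaxAgeDays
    # Service name as written in the post; confirm it with Get-Service on a reference PC.
    Test-ServiceRunning -Name 'MSMENG'
)
$results | Format-Table -AutoSize
if ($results.Healthy -contains $false) { exit 1 }   # non-zero exit lets a scheduler flag the PC
```

The same two functions cover the other products by swapping in their file names (vet.dat, avvscan.dat, OnAccessScanLog.txt), install directories and service names (INORT, INORPC, INOTASK).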