sms_def.mof

[DennisZhao]

I need to use sms 2003 to scan all the workstations virus def files. Since we are currently using Mcafee 8.0, and the only place that contains the dat version is the registry. So, I added the following mod to my sms_def.mof file. Now I can see the new field names in the report, but values aren't being populated, they stay at null. Can anyone see the problem?




// <:[-<>>>>>>>>>>>>>>>>>>>>>-Network Associates/McAfee Anti-Virus-<<<<<<<<<<<<<<<<<<<>-]:>

//`'`*._.*`'`*-
// Note: This class uses the registry property provider, which requires the class to be // "removed" via the deleteclass command prior to changing the class structure.
// Note: This class contains multiple instances. This allows data for legacy, 4.5, and // NetShield McAfee versions to report in a single class.
//`'`*._.*`'`*-

//`'`*._.*`'`*-
// McAfee Data Class
//`'`*._.*`'`*-

#pragma namespace("\\\\.\\root\\cimv2")
#pragma deleteclass("McAfee", NOFAIL)

[DYNPROPS]
class McAfee
{
[key] string KeyName="";
string szCurrentVersionNumber;
string szDatVersion;
string szEngineVer;
string szDatDate;
};

//`'`*._.*`'`*-
// Instance of McAfee for Version 4.5
//`'`*._.*`'`*-

[DYNPROPS]
instance of McAfee
{
KeyName="McAfee 4.5";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan|szCurrentVersionNumber"),
Dynamic, Provider("RegPropProv")] szCurrentVersionNumber;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\Shared Components\\VirusScan Engine\\4.0.xx|szDatVersion"),

Dynamic, Provider("RegPropProv")] szDatVersion;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\Shared Components\\VirusScan Engine\\4.0.xx|szEngineVer"),
Dynamic, Provider("RegPropProv")] szEngineVer;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\Shared Components\\VirusScan Engine\\4.0.xx|szDatDate"),
Dynamic, Provider("RegPropProv")] szDatDate;
};

//`'`*._.*`'`*-
// Instance of McAfee for Version 4.03 and older...
//`'`*._.*`'`*-

[DYNPROPS]
instance of McAfee
{
KeyName="McAfee Legacy";

[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\VirusScan|szProductVer"),
Dynamic, Provider("RegPropProv")] szCurrentVersionNumber;

[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\VirusScan|szVirDefVer"),
Dynamic, Provider("RegPropProv")] szDatVersion;

[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\VirusScan|szEngineVer"),
Dynamic, Provider("RegPropProv")] szEngineVer;

[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee\\VirusScan|szVirDefDate"),
Dynamic, Provider("RegPropProv")] szDatDate;
};

//`'`*._.*`'`*-
// Instance of McAfee for 4.5 Server (NetShield)
//`'`*._.*`'`*-

[DYNPROPS]
instance of McAfee
{
KeyName="McAfee Server (NetShield)";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\NetShield NT\\CurrentVersion|szProductVer"),
Dynamic, Provider("RegPropProv")] szCurrentVersionNumber;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\NetShield NT\\CurrentVersion|szVirDefVer"),
Dynamic, Provider("RegPropProv")] szDatVersion;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\NetShield NT\\CurrentVersion|szEngineVer"),
Dynamic, Provider("RegPropProv")] szEngineVer;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\NetShield NT\\CurrentVersion|szVirDefDate"),
Dynamic, Provider("RegPropProv")] szDatDate;
};

//`'`*._.*`'`*-
// Instance of McAfee for Enterprise 8.0
//`'`*._.*`'`*-

[DYNPROPS]
instance of McAfee
{
KeyName="McAfee Enterprise 8.0";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Enterprise\\CurrentVersion|szProductVer"),
Dynamic, Provider("RegPropProv")] szCurrentVersionNumber;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Enterprise\\CurrentVersion|szVirDefVer"),
Dynamic, Provider("RegPropProv")] szDatVersion;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Enterprise\\CurrentVersion|szEngineVer"),
Dynamic, Provider("RegPropProv")] szEngineVer;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\TVD\\VirusScan Enterprise\\CurrentVersion|szVirDefDate"),
Dynamic, Provider("RegPropProv")] szDatDate;
};

//`'`*._.*`'`*-
// Reporting Class for McAfee
//`'`*._.*`'`*-

#pragma namespace("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("McAfee", NOFAIL)

[SMS_Report(TRUE), SMS_Group_Name("McAfee Virus Scan"), SMS_Class_ID("MICROSOFT|McAfee|1.0")]
class McAfee : SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE) ] string szCurrentVersionNumber;
[SMS_Report(TRUE) ] string szDatVersion;
[SMS_Report(TRUE) ] string szEngineVer;
[SMS_Report(TRUE) ] string szDatDate;
};

// <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee Anti-Virus-<<END<<<<<<<<<<<<<<>-]:>


// And the epo

// <:[-<>>>>>>>>>>>>>>>>BEGIN-Network Associates/McAfee ePO Agent-<<END<<<<<<<<<<<<<<>-]:>
//`'`*._.*`'`*-
// McAfee ePO Agent Data Class
//`'`*._.*`'`*-
#pragma namespace("\\\\.\\root\\cimv2")
#pragma deleteclass("McAfee_ePO_Agent", NOFAIL)
[DYNPROPS]
class McAfee_ePO_Agent
{
[key] string KeyName="";
string szePOVersion;
string szePOName;
string szePOGUID;
string szePOInstallPath;
};
//`'`*._.*`'`*-
// Instance of McAfee ePO 3x
//`'`*._.*`'`*-
[DYNPROPS]
instance of McAfee_ePO_Agent
{
KeyName="McAfee ePO 3.x";
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|Installed Path"),
Dynamic, Provider("RegPropProv")] szePOInstallPath;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Application Plugins\\EPOAGENT3000|Version"),
Dynamic, Provider("RegPropProv")] szePOVersion;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|ComputerName"),
Dynamic, Provider("RegPropProv")] szePOName;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\SOFTWARE\\Network Associates\\ePolicy Orchestrator\\Agent|AgentGUID"),
Dynamic, Provider("RegPropProv")] szePOGUID;
};
//`'`*._.*`'`*-
// Reporting Class for McAfee ePO Agent
//`'`*._.*`'`*-
#pragma namespace("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("McAfee_ePO_Agent", NOFAIL)
[SMS_Report(TRUE), SMS_Group_Name("McAfee ePO Agent"), SMS_Class_ID("MICROSOFT|McAfee_ePO|1.0")]
class McAfee_ePO_Agent : SMS_Class_Template
{
[SMS_Report(TRUE),key] string KeyName;
[SMS_Report(TRUE) ] string szePOVersion;
[SMS_Report(TRUE) ] string szePOName;
[SMS_Report(TRUE) ] string szePOGUID;
[SMS_Report(TRUE) ] string szePOInstallPath;
};
// <:[-<>>>>>>>>>>>>>>>>END>>-Network Associates/McAfee ePO Agent-<<END<<<<<<<<<<<<<<>-]:>

 

[tbrennans]

I didnt look for an error that would prevent info from showing up BUT I do have a Q: Did you you compile the sms_def.mof file on a client as unlike 2.0, you have to recompile the mof on every client machine (after testing) before it will return results.

 

[DennisZhao]

When you say compaile, did you mean running the mofcomp.exe command? I tried to test it on a client workstations. Here is what I did:

I copy the sms_def.mof to the local hard drive, then from the command prompt I ran "mofcomp.exe -check" and "mofcomp.exe", both ran fine without any error. Then I used the Wbemtest.exe to test the mof file, but I was having the same problem, where the values stayed at null.

 

[mib147]

If you look at the registry keys, are all values populated? If one value isn't populated then WMI will return all fields as null.

If all keys have values, I would suggest you strip out anything that doesn't have to do with McAfee 8.0. Test that first.

I assume you grabbed this from the monster.mof?

 

[tbrennans]

just running mofcomp won't do it if the new sms_def file isnt there...and part of the mofcomp command

Package source files = mofcomp.exe and what ever your latest sms_def.mof is.

Program command line = mofcomp.exe sms_def.mof

run silent...suppress all notifications

http://myitforum.com/articles/8/view.asp?id=6700

 

[DennisZhao]

This was from monster.mof, now after reading that article, it looks like I shouldn't messed with the sms_def anymore.

Is there a way I can use file collection to read the registry?

and

Do you know what programming language is the sms_def.mof written with? I showed it to a few programmers in my company, non of them seem to recognize what it is.

 

[tbrennans]

Upgrading the mof is fine it just says don't replace the old mof with the monster mof, meaning just take what you need from the monster and add it to the existing sms_def.mof as the monster mof doesnt included everything the new sms_def.mof needs.

then compile it on the server place it in the \sms_<site_code>\inboxes\clifiles.src\hinv folder at each site in the hierarchy

then mofcomp it on the clients and run an inventory.

An SMS installer script is here that does both:

http://www.myitforum.com/inc/upload/9234mofupdater.zip

 

[tbrennans]

keep in mind that should be done in a lab 1st then production.

 

[DennisZhao]

I manually compiled the file on a few clients, and the info are coming you from those computers.

So, in sms 2.0, I didn't have to compile the new mof file on every client? Seems like sms 2003 took a step back.

One thing i don't understand is: if the original mof file is pulled from the server to the client, and I have to compile the new mof on every client. Then shouldn't the new clients (new computers on the network) automatically get the new sms_mof file? I am not seeing those either.

 

[tbrennans]

the original mof on legacy clients comes from the servers and works the way it used to. It was "thought" that the advanced client would have what it needed and I dont think anyone thought about additions.

If you were to need to add some of the "falses" to "trues" in the existing sms_def.mof you wouldnt need to recompile those, you would just change it and those would go down to the clients.

 

[DennisZhao]

I am still new to the packages and advertisment part of sms 2003. Let me know if this is correct.


The .idf file you have linked above, I need to use windows installer to compile it into a .exe file, and then import that .exe file into a sms package.

 

[tbrennans]

Correct

 

[DennisZhao]

The idf file couldn't compile for some reason, I will try it again. Would I be able to do it this way?
Since I only have 1 sms server(1 sms site), and all I need to do is run the mofcomp.exe command on each client.

I tried to create a package from scratch. I mapped the data source to a folder which contains the new sms_def.mof file, and in the program command line I used "mofcomp.exe \c:sms_def.mof", this is getting an error 1 in my log files. Am I using the wrong command line? and is there any reason I shouldn't do it this way?