Hello,
With the recent announcement that all versions of Symantec AV prior to SEP MR3 are potentially vulnerable, I have started developing a new front end to my SEP installer that detects what version is currently installed so that I can then programatically decide if I want to uninstall the old client (run CleanWipe) first or do an in-place "upgrade" of SAV to SEP. The versions that I have to detect are anything from SAV 7 up to SEP 11.
So far I have been using a combination of these registry keys:
HKLM\SOFTWARE\Classes\Installer\Products\"GUIDS"
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\DLLUsage\VP6
and these files:
C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll
C:\ProgramData\Symantec\Definitions\VirusDefs\definfo.dat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat
What I'm looking for are other ideas of how I can accurately detect the MANY flavors of SAV/SEP. Filename,fileversion,serviceexists,registry something...whatever.
Thanks for your thoughts and suggestions,
-Mike