Thursday, June 29, 2017

(Ransomware) Petya detection from McAfee VSE - How to check the McAfee VSE 8.8 Product version, Engine version, McAfee DAT version and McAfee ExtraDat version locally and remotely

1. Create a PowerShell file called "check_mcafee_dat.ps1" with the following content:


# Prompt for the host name of the machine to check
$computer = Read-Host "computer to query"

# Open HKEY_LOCAL_MACHINE on that machine once and reuse it for every lookup
$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)

# VSE product version
$ProductVer = $hklm.OpenSubKey('SOFTWARE\McAfee\DesktopProtection').GetValue('szProductVer')

# Scan engine version, DAT version and ExtraDat name
$EngineVer = $hklm.OpenSubKey('SOFTWARE\McAfee\AVEngine').GetValue('EngineVersionMajor')

$DatVer = $hklm.OpenSubKey('SOFTWARE\McAfee\AVEngine').GetValue('AVDatVersion')

$ExtraDatVer = $hklm.OpenSubKey('SOFTWARE\McAfee\AVEngine').GetValue('ExtraDatValueName_0')

$hklm.Close()

Write-Host "$computer - Product version: $ProductVer Engine version: $EngineVer Dat version: $DatVer ExtraDat version: $ExtraDatVer"


2. Run "check_mcafee_dat.ps1" using a local admin or other privileged account.

3. Enter the hostname of the target machine.


It should return the product version, engine version, DAT version and ExtraDat version of that machine on a single line.


Remark: DAT 8574 (27 Jun 2017) already includes the Petya detection.
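
The following is an added example, not part of the original post: it runs the same registry lookups against a list of hosts and flags any whose DAT version is below the 8574 level named in the remark. The function name, parameter names and host names are assumptions, and it assumes AVDatVersion holds a plain number.

```powershell
# Added example: audit several hosts against the DAT level named in the remark.
# Function, parameter and host names are hypothetical.
function Get-McAfeeVseStatus {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$MinimumDat = 8574   # DAT level the post says includes Petya detection
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            Computer = $computer; ProductVer = $null; EngineVer = $null
            DatVer = $null; ExtraDat = $null; MeetsMinimumDat = $false; Error = $null
        }
        $hklm = $null
        try {
            # Needs the Remote Registry service on the target and admin rights.
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $dp  = $hklm.OpenSubKey('SOFTWARE\McAfee\DesktopProtection')
            $eng = $hklm.OpenSubKey('SOFTWARE\McAfee\AVEngine')
            # OpenSubKey returns $null when a key is absent, so check it
            # before calling GetValue instead of letting the call throw.
            if ($dp)  { $row.ProductVer = $dp.GetValue('szProductVer') }
            if ($eng) {
                $row.EngineVer = $eng.GetValue('EngineVersionMajor')
                $row.DatVer    = $eng.GetValue('AVDatVersion')
                $row.ExtraDat  = $eng.GetValue('ExtraDatValueName_0')
            }
            if (-not $dp -and -not $eng) { $row.Error = 'McAfee keys not found' }
            # A missing or non-numeric DAT value leaves MeetsMinimumDat at $false.
            $dat = 0
            if ([int]::TryParse([string]$row.DatVer, [ref]$dat)) {
                $row.MeetsMinimumDat = ($dat -ge $MinimumDat)
            }
        }
        catch {
            # Unreachable host, access denied, Remote Registry stopped, etc.
            $row.Error = $_.Exception.Message
        }
        finally {
            if ($hklm) { $hklm.Close() }
        }
        [pscustomobject]$row
    }
}

# Constructed host names; replace with your own inventory.
Get-McAfeeVseStatus -ComputerName 'PC-EXAMPLE-01', 'PC-EXAMPLE-02' |
    Sort-Object MeetsMinimumDat |
    Format-Table -AutoSize
```

Hosts that could not be queried appear with MeetsMinimumDat set to False and the reason in the Error column, so they are not mistaken for up-to-date machines.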


Reference:
https://securingtomorrow.mcafee.com/mcafee-labs/new-variant-petya-ransomware-spreading-like-wildfire/

https://gallery.technet.microsoft.com/scriptcenter/f5f96771-215e-4114-be0b-09c80f5f2c6f/view/Discussions#content
