Real quick post –
Here’s some powershell to check the version of cceraser.dll on systems in an AD Domain and export the results to csv.
Import-Module ActiveDirectory
$computers = Get-ADComputer -SearchBase "OU=BaseOUForComputers,DC=YOUR,DC=DOMAIN" -filter * | Select -ExpandProperty Name
foreach ($computer in $computers) {
Get-ChildItem -Recurse -Force "\\$computer\c$\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\*" -include cceraser.dll -ErrorAction SilentlyContinue | %{ $_.VersionInfo } | Select-Object FileName,FileVersion | Export-Csv C:\PSSearch\FoundFiles-cceraser.csv -nti -append
}
If your environment is small enough, just look through that CSV for file versions of 117.2.0 and earlier (117.3.0.358 and greater is good), and you’ll know that you need to update/repair their Symantec Endpoint Protection definitions before you can install Microsoft’s patches.
If your environment is larger, you might want something more significant.
Update 01/09/2018 – Here’s some more useful Powershell to look for the necessary “QualityCompat” registry key that should be set if your A/V software is up to date and your A/V vendor is playing along. (Check this doc being maintained by Kevin Beaumont / @GossiTheDog to see if your A/V vendor is playing along https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true)
################### Search for MeltdownAVCompatibility Registry Keys ###################
Import-Module PSRemoteRegistry
Import-Module ActiveDirectory
$computers = Get-ADComputer -SearchBase "DC=YOUR,DC=DOMAIN" -filter * | Select -ExpandProperty Name
foreach ($computer in $computers) {
Get-RegValue -ComputerName $computer -Key 'SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat' | Export-CSV c:\PSSearch\FoundRegKeys-MeltdownAVCompatibilityKey.csv -nti -append
}
Reference:
https://support.symantec.com/en_US/article.TECH248545.html
I CAN'T HACK IT ...OR CAN I? 