Today I have a quick post. My friend called me that he needs to check SAV definition date which is stored in registry. It is also available in Symantec AntiVirus GUI

SAVdef

But – unfortunately – the value in registry is hex number which needs to be converted to readable format. Whole idea is described at Symantec’s web. As he was interested in PowerShell solution (another one converted) I quickly created short function:

function Get-SAVdefs
{
    param ($def = (Get-ItemProperty HKLM:\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion).UsingPattern )

    [Convert]::ToString($def, 2) -match "^(?<year>\d*)(?<month>\d{4})(?<day>\d{5})(?<rev>\d{9})$" | Out-Null

    "{0}/{1}/{2} Rev {3}" -f $([Convert]::ToInt32($matches.year, 2) + 1998),
        [Convert]::ToInt32($matches.month, 2),
        [Convert]::ToInt32($matches.day, 2),
        [Convert]::ToInt32($matches.rev, 2)
}

So it can be used this way:

PS C:\Scripts > Get-SAVdefs
2011/3/29 Rev 5
PS C:\Scripts > Get-SAVdefs 0x312e02
2010/4/23 Rev 2

As a parameter is used direct path to the registry he provided. Then, the value found is processed with regex. It splits binary number based on info found at mentioned web page. Then all values from $matches are written using format operator.

Main work is done with System.Convert class. It contains few methods for converting numbers, for example to convert number 3652 to binary and back, you can use:

PS C:\Scripts > [convert]::ToString(3652, 2)
111001000100


PS C:\Scripts > [convert]::ToInt16(111001000100, 2)
3652

I am sure you will find some other examples how to use it. BTW: Why 3652? Wait till Friday and you’ll see :)