Issue with Registry with SEP Ver 12

```powershell
# $c is assumed to hold a PSCredential (for example from Get-Credential) set earlier in the session
$ServerList = Get-Content "H:\My Documents\My Powershell\serverlist.txt"

foreach ($computer in $ServerList) {

    Write-Host `n

    if (Test-Connection -ComputerName $computer -Quiet) {
        Write-Host Processing server $computer -ForegroundColor yellow
        $column = 1

        $Opt = New-CimSessionOption -Protocol Dcom
        $Session = New-CimSession -ComputerName $computer -Credential $c -SessionOption $Opt

        # Read the definition date (binary value) and revision from the SEP 11 registry key
        $AVD = Invoke-Command -ComputerName $computer {((Get-ItemProperty 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV' -Name PatternFileDate -ea 0).PatternFileDate) } -Credential $c
        $AVR = Invoke-Command -ComputerName "$computer" {((Get-ItemProperty "HKLM:SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV" -Name PatternFileRevision -ea 0).PatternFileRevision) } -Credential $c

        $AVPatternFileDate = $AVD

        # Convert PatternFileDate to readable date
        $AVYearFileDate = [string]($AVPatternFileDate[0] + 1970)
        $AVMonthFileDate = [string]($AVPatternFileDate[1] + 1)
        $AVDayFileDate = [string]$AVPatternFileDate[2]
        $AVPatternFileDate = $AVDayFileDate + "/" + $AVMonthFileDate + "/" + $AVYearFileDate

        Write-Host $computer,$AVPatternFileDate,$AVR
    }
}
```

Result is:
Processing server CRVWW00A0007
CRVWW00A0007 17/3/2014 4

The above script is working fine for SEP Version 11, but not for SEP Version 12.0.
Using this for SEP version 12 is not working:

```powershell
$AV= Invoke-Command -ComputerName "$computer" {((Get-ItemProperty "HKLM:Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate" -Name LatestVirusDefsDate -ea 0).LatestVirusDefsDate) } -Credential $c
$AV= Invoke-Command -ComputerName "$computer" {((Get-ItemProperty "HKLM:Symantec\Symantec Endpoint Protection\CurrentVersion\Public-Opstate" -Name LatestVirusDefsRevision -ea 0).LatestVirusDefsRevision) } -Credential $c
```
Getting error:
Connecting to remote server SERVER1 failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
Not sure how to get the results in SEP version 12. Please advise.

If it’s working on SEP 11 and not SEP 12, I’d start thinking that something in SEP has changed.

Try RDPing onto a SEP 12 machine and check that the registry keys you are using are correct. Test remoting using a simple cmdlet like get-process. SEP 12 may have broken/stopped remoting or changed a firewall exception.

I’m not sure why you’re creating a CIM Session (with the DCOM protocol) in that code, since you’re not using that session. Invoke-Command uses WinRM (PSSession, not CIMSession).

You can access the registry via WMI, but you’ll have to make use of Invoke-CimMethod to do it, not Invoke-Command.
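
The WMI registry route mentioned in the reply above, as an added example that is not part of the original thread: it reads the values through `StdRegProv` with `Invoke-CimMethod` over a DCOM CIM session, so it does not depend on WinRM. The function name `Get-SepPatternInfo` is hypothetical, the default key is the SEP 11 key from the question, and DCOM/WMI access to the target with the supplied credential is assumed.

```powershell
# Added example: read SEP definition info via StdRegProv over DCOM (no WinRM needed).
function Get-SepPatternInfo {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        # Key from the SEP 11 script in the question; pass a different key once it is verified on the target.
        [string] $SubKey = 'SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV'
    )

    $hklm    = [uint32]2147483650   # HKEY_LOCAL_MACHINE (0x80000002)
    $opt     = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $ComputerName -Credential $Credential `
                              -SessionOption $opt -ErrorAction Stop
    try {
        $common = @{ CimSession = $session; Namespace = 'root\cimv2'; ClassName = 'StdRegProv' }

        # PatternFileDate is read as a byte array, PatternFileRevision as a DWORD.
        $date = Invoke-CimMethod @common -MethodName GetBinaryValue -Arguments @{
            hDefKey = $hklm; sSubKeyName = $SubKey; sValueName = 'PatternFileDate' }
        $rev  = Invoke-CimMethod @common -MethodName GetDWORDValue -Arguments @{
            hDefKey = $hklm; sSubKeyName = $SubKey; sValueName = 'PatternFileRevision' }

        # A non-zero ReturnValue means the key or value could not be read (missing or access denied).
        if ($date.ReturnValue -ne 0 -or $rev.ReturnValue -ne 0) {
            throw "Registry read failed on $ComputerName (date=$($date.ReturnValue), revision=$($rev.ReturnValue)); check that '$SubKey' exists."
        }

        # Same decoding as the original script: byte 0 = years since 1970, byte 1 = month - 1, byte 2 = day.
        $b = $date.uValue
        [pscustomobject]@{
            ComputerName    = $ComputerName
            PatternFileDate = (Get-Date -Year ([int]$b[0] + 1970) -Month ([int]$b[1] + 1) -Day ([int]$b[2])).Date
            Revision        = $rev.uValue
        }
    }
    finally {
        # Always release the session, even when the read fails.
        Remove-CimSession -CimSession $session
    }
}

# Usage (credential prompt is interactive):
# Get-Content serverlist.txt | ForEach-Object { Get-SepPatternInfo -ComputerName $_ -Credential $c }
```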


Have to agree with both moderators here, however the error clearly states that the connection to server1 failed. Since you are using the test-connection cmdlet, the server is online and reachable with ICMP (ping). That narrows it down to:

  1. Firewall exception for WinRM is missing on Server1
  2. If the server running the script and Server1 are on different subnets, maybe there is a firewall there blocking access to WinRM
  3. Your user ($c) is not an “admin” user on Server1
  4. Is the WinRM service running on Server1?

Still, you should follow Richard’s advice on checking if Server1 has those registry values you are looking for.

Next you could try and test remoting from Server1 and see if that works. If you really want to get your fingers dirty, Don Jones has written a blog on how to diagnose WinRM issues here: