|
Well you can view in the Symantec Console what the versions are and sort by versions, hilight those that are not at the lastest version and then export to CSV file.
Then target your KiX script to install updates on those systems.
Then your script would only need to check IF the system even has AV installed, or check if it's not set or assigned to a given Parent Server, if not then install. Which can also be done remotely from the console.
I guess what I'm saying is that except for a system that doesn't have Symantec AV or isn't reporting to your console everything for updating can be done in the console.
| 
