#20952 - 2002-05-01 06:44 PM
Re: Anti-Virus Software and KIXtart
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
Thanks Howard.. I didn't have time to look over the script too closely, but it makes more sense now. I didn't see it, but do you check to see if VirusScan is disabled? I've found many users have found tricks to run programs in such a way that it causes VirusScan to be disabled. Occasionally, it will never work again, so even if it's installed, it's dead in the water...
I notice a lot of hard work done in scripting for VirusScan... as for my sitution, these are the parameters I have to work with:
1. VirusScan 4.5 SP1 is deployed.. 4.5.1 SP1 causes problems with running autoupdate in the runonce or during the logon script (I still haven't figure out why)
2. DAT updates are done daily (random) via internal ftp.
3. SDAT updates are done monthly.. also, using this method, we can deploy ANY setup.exe file that I can create.. this is kind of a strange way to do it, but it can be used to install programs without the user having admin rights in NT/2000.
4. Lots of other things happen in the logon script. Here are some: a. checking drive space b. running software auditting tools c. doing IE updates d. special dial-up section e. updating McAfee settings/file extensions f. copy kixtart files to windows 95
Anyway, I'm still working on it.. bound to figure it out sometime.
Brian
|
Top
|
|
|
|
#20953 - 2002-05-01 06:44 PM
Re: Anti-Virus Software and KIXtart
|
Anonymous
Anonymous
Unregistered
|
Superdat updates only right now. But we're going to be switching from NAI to Trend's office scan in the next few weeks. Kix is going to let me remove 4.5.x from my machines (thank god for msi!) and then trend's deployment for the NT/2k machines and kix again to put office scan on the 9x PC's. It's going to be a beautiful thing. This place has been stuck on sneaker net for years and kix will bring it out of the dark ages of software deployment!
|
Top
|
|
|
|
#20954 - 2002-05-01 06:47 PM
Re: Anti-Virus Software and KIXtart
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11624
Loc: CA
|
Howard,
Myself, I have the clients write all the info during logon to a local server based upon their IP address, so there is no WAN traffic, only LAN traffic. Then I run a batch file every couple of days that copies all the data to one file locally on my system then opens Excel and imports the data into a "pretty report" for printing.
No issues about possible file contention, no WAN traffic except when I run my batch file. This works fairly well for us and we run about 3,000 clients From Paris, Hong Kong, Japan, and multiple US locations.
I guess were different. We moved to NAVCE because (at the time) NAI had no "global" solution and we were tired of manually updating our systems. NAVCE has its problems, but so does every other solution I seen or tried. (There is no "perfect" antivirus solution - imho). I wrote a script that ripped out NAI while it was running and replaced it with NAVCE and then restarted the computer. As for Technical Support from NAI - well (again imho) they sucked for no pay support. We did not have "premium" support. We bought it with NAVCE and it was great. We no longer buy the extra support, so naturally the support is not as good. I would guess that both NAI, and SYMANTEC have both beefed up their support and support options in the past couple years. If you look back before the Melissa virus, both companies were lack-luster in development of the product lines. I guess that scare really helped to build business for all the Antivirus companies around the world.
Brian, are you looking for ideas/support for NAI? or were you just curious about what other do?
|
Top
|
|
|
|
#20955 - 2002-05-01 06:57 PM
Re: Anti-Virus Software and KIXtart
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
NTDOC, I'm always looking for ideas.. Seeing different methods of doing things always helps me fine tune the solution for my organization. I also like sharing my own ideas in hopes that someone might find them useful.
I think that most of us encounter the same issues, so it's nice to see multiple solutions to the same problem. As we accumulate information here, it may be possible to pull it all together and create some sort of books titled:
KIXtart for Dummies From Batch to KIX ... These could have chapters on deploying software, software inventory, and PC management to start with....
I have been deploying Antivirus software through the logon script for 4 years, so I'm bound to have seen some of the same problems other users have seen. The "canned" methods from NAI don't always work as intended in every situation, so it takes a bit of time and effort to script installations and updates.
Brian
|
Top
|
|
|
|
#20956 - 2002-05-01 07:15 PM
Re: Anti-Virus Software and KIXtart
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
BrianTX, The WriteLog() UDFs were designed to write a log file locally on the client for troubleshooting purposes or other local support follow-up.
When collecting data on thousands of clients as I do in my script, I avoid file contention issues by having the client write a small file based on the computer's name to a central server. I then have a Perl program collect and parse the files for reporting. code:
$outfile="\\ambdc009\log$\virus\$ComputerName.txt"
$str = "[Local]" + @CRLF + "LogonDomain=" + $Ldomain + @CRLF + "User=" + $UserID + @CRLF + "IP=" + $IP0 + @CRLF + "Product=" + $ProductName + @CRLF + "Version=" + $NAIver + @CRLF + "Domain=" + $Domain + @CRLF + "System=" + $System WriteLog2($outfile, $str)
[ 01 May 2002, 19:15: Message edited by: Howard Bullock ]
|
Top
|
|
|
|
#20957 - 2002-05-02 03:48 PM
Re: Anti-Virus Software and KIXtart
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
Thanks, Howard.
We have auditing software that is used to determine what software is loaded on a PC. (We use bvaudit.exe). Unfortunately, it isn't all that accurate on file versions, etc, nor does it give information about current updates. I may have a tough time convincing management that it's necessary.. however, I'm slowly building my case for both ePolicy Orchestrator AND SMS.
Brian
|
Top
|
|
|
|
#20958 - 2002-05-02 04:01 PM
Re: Anti-Virus Software and KIXtart
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
We also use SMS for software inventory, but nothing beats reading the registry at logon for accuracy.
|
Top
|
|
|
|
#20959 - 2002-05-02 04:17 PM
Re: Anti-Virus Software and KIXtart
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
That's very true... I can think of a lot of information to glean directly from the logon script...
1. Antivirus info (version of program, DAT, scan engine) 2. last user to logon to PC 3. disk space free 4. amount of memory 5. processor in PC 6. installed programs 7. usage info...
.... hmm. sounds like information that I could pull from SMS.. doesn't it also pull from the registry?
Brian
|
Top
|
|
|
|
#20960 - 2002-05-02 05:37 PM
Re: Anti-Virus Software and KIXtart
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
SMS is a great tool, but in a large environment where some business units aren't onboard and SMS takes time to rollout and rollup data, certain things fit well into the script. the determination of what I include in the script vs. what SMS gathers is based on timing requirements and criticality of the info. Anything gathered via logon script has to be post processed in order to be useful. Data gathered by SMS is useful because it flows into a SQL database.
I do not go wild gathering info in the script. There has to be a prudent business case to support additional code.
|
Top
|
|
|
|
#20962 - 2002-05-02 06:43 PM
Re: Anti-Virus Software and KIXtart
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
I just posted a script to update an access db in the COM forum
Then look for the WMIQuery UDF in the udf forum
|
Top
|
|
|
|
#20965 - 2002-05-03 03:30 PM
Re: Anti-Virus Software and KIXtart
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
Will.. I love your solution!
I work in a similar situation. However, people here really freak out if they have to make a decision in the logon script. Because of that, I have been tasked to force updates rather than give the "3 strikes you're out" rule.... It sounds like a great idea, though, and certainly one I can ask management about implementing..
On a side note.. if anyone wants to know how to integrate SP1 into the standard install package for VirusScan 4.5.1 using Installation Designer, let me know. It's really pretty easy to do. You can also change some of the default settings prior to adding a registry file for each operating system...
Brian
|
Top
|
|
|
|
#20967 - 2002-05-09 02:46 PM
Re: Anti-Virus Software and KIXtart
|
Will Hetrick
Hey THIS is FUN
Registered: 2001-10-02
Posts: 320
Loc: Harrisburg, PA USA
|
Brian, Let me explain my three chances rule. In the kix script itself, I check the dat version they are currently running. If it does not match with the Current dat file, I try to update it by running the Mupdate utility Included in Virusscan. Then I check the dat version again. If the dat version is not updated that way, I run the superdat/exedat/engine dat depending on what they need. Then I check the dat version again. If that did not work, The third strike I shut them down. They do not get to see or make a decision in this process. Here is the code to show you what I mean. code:
; ;------Finds an Superdat in the Server path $sdatName=Dir($ServPath + "sdat*.exe") ;------Look for a more recent superdat While $sdatName <>"" AND @ERROR = 0 If $sdatname <>"" $sname=$sdatname EndIf $sdatName=Dir() ; retrieve next file Loop
;------Find an Extra dat file in the server path $XdatName=Dir($ServPath + "*xdat.exe") ;------Look for a more recent extra dat file While $XDatName <>"" AND @ERROR = 0 If $XDatname <>"" $Xname=$XDatname EndIf $XDatName=Dir() ; retrieve next file Loop
;------Look for the available engine version $EngName=Dir($ServPath + "*eng.exe") ;------Look for a more recent Engine file While $EngName <>"" AND @ERROR = 0 If $EngName <>"" $Ename=$EngName EndIf $EngName=Dir() ; retrieve next file Loop
;------Extract only the first four digits of the extra dat file $XCheck=SubStr($Xname,1,4) $ECheck=SubStr($EName,1,4)
;-------Compact the values returned to just four digits ;--------so they can be compared to the values returned ;---------by the file names earlier $Regver2=SubStr($regver,5,4) $ENGVER2=SubStr($ENGVER,1,1) + SubStr($ENGVER,3,1) + SubStr($ENGVER,5,2)
Select Case ($Macver = "NONE") OR ($Macver = " ") OR ($Macver = "") If $check = 3 Goto Shutoff EndIf Case ($regver2 = $Xcheck) AND ($engver2 = $Echeck) Goto EndUpdateMcafee
Case ($regver2 <> $Xcheck) AND ($engver2 = $Echeck) $RC=WriteValue("$McUpdate\CurrentVersion\Update\Update Site1","szFTPLocation",$dats,REG_SZ) Shell "%comspec% /e:1024 /c C:\PROGRA~1\commoN~1\networ~1\mcupdate\mcupdate /task update /quiet" If (@error <> 0) OR ($check = 1) Shell $servpath + $Xname + " /s" EndIf Case ($regver2 = $Xcheck) AND ($engver2 <> $Echeck) Shell $servpath + $Ename + " /s"
Case ($regver2 <> $Xcheck) AND ($engver2 <> $Echeck) Shell $servpath + $sname + " /s"
Case 1
EndSelect
$check = $check + 1
If $check = 3 If (Val($regver2) + 1 < $Xcheck) OR (Val($engver2) < $Echeck) :Shutoff $X = LogInfo($Server16 + "auditlog\NEEDMCAFEE.TXT","@DATE @TIME,@WKSTA,@LDOMAIN\@USERID,@Producttype,@csd,$myip,@address") $logit = Shutdown("","Restarting Your Computer. The virus settings are not up to date, please try to login again.",15,1,1) Exit 1 EndIf Else Goto VirusCheck EndIf
:EndUpdateMcafee
The goto's in this code refers to the sections that does the checking and logging off. I am working on making them functions to make the code flow a little better. [ 09 May 2002, 14:51: Message edited by: Will Hetrick ]
_________________________
You have at least 2 choices. Each choice changes your destiny. Choose wisely!
|
Top
|
|
|
|
#20968 - 2002-05-09 03:34 PM
Re: Anti-Virus Software and KIXtart
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
That's pretty nice, Will.. One modification that i would recommend (and I use) is to change:
code:
$RC=WriteValue("$McUpdate\CurrentVersion\Update\Update Site1","szFTPLocation",$dats,REG_SZ) Shell "%comspec% /e:1024 /c C:\PROGRA~1\commoN~1\networ~1\mcupdate\mcupdate /task update /quiet"
to
code:
$RC=WriteValue($McUpdate + "\CurrentVersion\Update\Update Site1","szFTPLocation",$dats,REG_SZ) $updatepath = READVALUE($Mcupdate + "\CurrentVersion","szInstallDir") Shell $updatepath + "mcupdate /task update /quiet"
or something similar.. that way if the program was for some reason not in the default path for it, it would still work... of course that's real minor.. but thanks for posting your code.. The whole shutdown idea is pretty cool. I just seriously doubt I can get it approved.
Brian [ 09 May 2002, 15:34: Message edited by: BrianTX ]
|
Top
|
|
|
|
#20970 - 2002-05-09 07:45 PM
Re: Anti-Virus Software and KIXtart
|
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
|
Yeah.. well, that's okay.. lol.. I work for the government, so if anything happens, I don't just have my managers/supervisors on my back, I have elected people ticked off... so it's nice to have a manager there to sign off on stuff.. it's called C-Y-A (or CYB if A offends...)!
Brian
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 667 anonymous users online.
|
|
|