#51847 - 2000-10-18 06:16 PM
Modify Mcafee 4.x on NT to use AutoUpgrade
Bryce
KiX Supporter
   
Registered: 2000-02-29
Posts: 3167
Loc: Houston TX
Hello gang!

Thought that I would share my latest project with the group. First a little history....

We use Mcafee Virus scan 4.0.3, and we rely on the autoupgrade feature to keep the datfiles/engine at the latest version. For win9x computers I was able to automate this with the logon script, and it works like a champ.

Enter NT.... Because not all of our users have local admin rights on their computers this brings some problems to the surface.

1. Can't run superdat from a logon prompt without admin rights... using SU is not a good idea, it opens a security hole.
2. Can't run the McTaskManager with the local system account because the local system account is unable to access network resources. Also can't run McTaskManager with the user's account, especially if the user is not a local admin...
3. There is noooo #3
4. Need to "fix" the close to 70 NT workstations that have already been deployed.

So we have 3 requirements,

1. Need to modify McTaskManager to run under an account that has the proper rights
2. Need to grant the McTaskManager Service account local admin rights on the NT workstations,
3. Need to configure Mcafee's autoupgrade so it knows where to go.

Enter KIX.... The following script will,

Modify Mcafee's autoupgrade to check once an hour, giving each workstation a random X minutes after the hour slot.
Modify the McTaskManager service to run under the @domain\mcafeeupdate account
Grant the @domain\mcafeeupdate account the "Log on as service" right and give it local administrator rights.

code:
break on
cls
;-----------------------------------------------------------------------------
; The reason for this script is to change the way that Mcafee
; virus scan is updated on nt workstations (here on referred to as "target")
;
; this script has 3 functions,
; 1. Modify the target's registry to point to the location of
;    the modified superdat.
;
; 2. Modify the "McTaskManager" service on the target to use the
;    account @domain\mcafeeupdate
;    (This is done by using the program xnet.exe)
;    @domain\mcafeeupdate is just a standard "Domain User" account.
;
; 3. grant the account @domain\mcafeeupdate the "SeServiceLogonRight", and
;    place this account in the local Administrators group on the target computer.
;    (This is done by using the program ntuser.exe, from the NTSEC utils
;    found @ http://www.pedestalsoftware.com Currently installed @ "w:\ntsec"
;    and in the local path)
;
; use the kix script ComputerList.kix to generate a list of all NT computers
; that are in the Domain. http://www.neosoft.com/~brycel/kix/other_scripts/Computer_List
;
; The computer list must be in a UNC format. You can provide a username
; and password for systems that you don't have admin rights on
;
; \\computer1
; \\computer2,<username>,<password>
; \\computer3
; \\computer4
; ....
;-----------------------------------------------------------------------------
$SAccount = "@domain\<domain account>"
$SAccountPW = "<Domain Account password>"
$MfdSDatLoc = "<UNC location to Modified Superdat file>"

$clist = "clist.dat"
$tempfile = "%temp%\kix.txt"
del $tempfile

;-----------------------------------------------------------------------------
$McafeeKey = "HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan"
$Upgradekey = "Tasks\Upgrade"
$Updatekey = "Tasks\Update"
$Service = "McTaskManager"
$right = "SeServiceLogonRight"

; set to 1 by :Registry when Mcafee is not installed on the target
$nextFlag = 0

; seed the random number generator from the seconds of the current time
srnd(val(substr("@time",7,2))*2000000)

;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------

if open(1,$clist,2) <> 0
    ? '"@serror" opening $clist'
    ? "You must provide a list of target computers for this script to work."
    exit
endif

$temp = readline(1)
do
    ; split a "\\computer,<username>,<password>" line into its parts
    if instr("$temp",",") <> 0
        $target = substr("$temp",1,instr("$temp",",")-1)
        $targetname = substr("$target",3,len("$target"))
        $temp = substr("$temp",len("$target")+2,len("$temp"))
        $targetadmin = substr("$temp",1,instr("$temp",",")-1)
        $targetpassword = substr("$temp",len("$targetadmin")+2,len("$temp"))
    else
        $target = rtrim(substr($temp,1,23))
        $targetname = substr("$target",3,len("$target"))
        $targetadmin = ""
        $targetpassword = ""
    endif

    ; connect to the target, with the supplied credentials if there are any
    IF $targetadmin <> ""
        use "$target\ipc$$" /user:'$targetname\$targetadmin' /password:$targetPassword
    else
        use "$target\ipc$$"
    endif

    Select
        case @error = 0
            ? "____ $target _________________________________________________________________________"
            Gosub Registry
            if $nextflag = 0
                Gosub Service
                Gosub Rights
                Gosub startstop
            else
                $nextflag = 0
            endif
        case @error <> 0
            ? "Can't connect to $Target -OR- you have insufficient rights"
    endselect

    use "$target\ipc$$" /delete

    $temp = readline(1)
until @error <> 0

exit

;-----------------------------------------------------------------------------
:Registry
; pick the minute-after-the-hour slot for this target
$mintowait = rnd(59)
? $mintowait
if existkey("$target\$mcafeekey") = 0
    ? "Registry: Mcafee is installed on $target"
    ? "Registry: Modifying Automatic Product Upgrade on $target"
    $nul = writevalue("$target\$mcafeekey\$upgradekey","",'ftp.nai.com/pub/antivirus/datfiles/4.x',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bAnonymousLogin",'1',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bApplyNow",'1',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bDoUpdate",'0',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bLogToFile",'1',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bProxy",'0',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bRetrieveOnly",'0',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bSchedEnabled",'1',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bStartedByConsole",'0',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","bUpdateStoreAfter",'0',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwExitStatus","17","REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwInternetAccessType","3","REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwLastModified","4","REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","dwProxyPort",'50',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szFTPPassword",'user@@hostname',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szFTPUserName",'anonymous',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szProxy",'',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szTaskName",'Automatic Product Upgrade',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpdateShellScript",'',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpdateStoreFolder",'C:\\Program Files\\Network Associates\\VirusScan NT\\Temp',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpdateUNCLocation",'$MfdSDatLoc',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","szUpgradeCmd",'setup -s',"REG_SZ")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","uUpdateFrom",'1',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wDate",'14',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wFlags","559","REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wLastExec",'0',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wTaskAttrib",'0',"REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wTaskType","6","REG_DWORD")
    $nul = writevalue("$target\$mcafeekey\$upgradekey","wTime",'$mintoWait',"REG_DWORD")

    ? "Registry: Disabling Auto DAT Update on $target"
    $nul = writevalue("$target\$mcafeekey\$updatekey","bSchedEnabled",'0',"REG_DWORD")
else
    ? "Registry: Mcafee is not installed on $target"
    ; tell the main loop to skip Service, Rights and StartStop for this target
    $nextflag = 1
endif
return

;-----------------------------------------------------------------------------
:Service
; read the account the service currently runs under from the xnet output
shell '%comspec% /c xnet list $target\McTaskManager | find "Account" > $tempfile'
$nul = open(2,$tempfile,2)
$data = readline(2)
$nul = close (2)
del $tempfile
Select
    case ltrim(substr("$data",8,len("$data"))) = $SAccount
        ? "SERVICE: $target\$service already running under $saccount"
    case 1
        ? "SERVICE: Modifying $service on $target to run under $SAccount"
        ? "SERVICE: "
        shell '%comspec% /c xnet modify $target\$service /u:$SAccount /p:$SAccountPW'
endselect
return

;-----------------------------------------------------------------------------
:Rights
; add the account to the local Administrators group if it is not a member yet
shell '%comspec% /c ntuser -s $target lgroup show administrators | find /i "$SAccount"> $tempfile'
$nul = open(2,$tempfile,2)
$data = readline(2)
$nul = close (2)
del $tempfile
Select
    Case len("$data") <> 0
        ? "RIGHTS: $SAccount already has Admin rights on $target"
    case 1
        ? "RIGHTS: Giving $SAccount Admin rights on $target"
        ? "RIGHTS: "
        shell '%comspec% /c ntuser -s $target lgroup append administrators $SAccount'
endselect

; grant the "Log on as service" right if the account does not hold it yet
shell '%comspec% /c ntuser -s $target rights show $right | find /i "$SAccount"> $tempfile'
$nul = open(2,$tempfile,2)
$data = readline(2)
$nul = close (2)
del $tempfile
Select
    Case len("$data") <> 0
        ? "RIGHTS: $SAccount has the rights $right on $target"
    case 1
        ? "RIGHTS: Giving $SAccount the rights $right on $target"
        ? "RIGHTS: "
        shell '%comspec% /c ntuser -s $target rights add $right $SAccount'
endselect
return

;-----------------------------------------------------------------------------
:StartStop
? "Stopping and restarting $service on $target"
?
shell '%comspec% /c xnet stop $target\$service'
; poll once a second until xnet reports the service as stopped
do
    shell '%comspec% /c xnet list $target | find /i "$service" > $tempfile'
    $nul = open(2,$tempfile,2)
    $data = readline(2)
    $nul = close (2)
    del $tempfile
    "."
    sleep 1
until substr("$data",63,len("$data")) = "stopped"
?
shell '%comspec% /c xnet start $target\$service'
return

Bryce
[This message has been edited by Bryce (edited 18 October 2000).]
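
An added example, not part of the original thread: the script above leaves McTaskManager logging on as a domain account that is also a local administrator on every target, and the PowerShell function below audits a host for that combination. It assumes a current Windows host with PowerShell 5.1 or later; `Get-ServiceAccountExposure`, `CORP`, `WKS01` and the sample service data are hypothetical and constructed for illustration.

```powershell
# Added example (not from the thread). Lists services that log on with a
# named account instead of a built-in identity, and flags the ones whose
# account is also a direct member of the local Administrators group.
function Get-ServiceAccountExposure {
    param(
        [Parameter(Mandatory)] [object[]] $Services,   # objects with Name and StartName
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $LocalAdmins,
        [string] $ComputerName = $env:COMPUTERNAME
    )
    # Built-in service identities; none of them carries a reusable password.
    $builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'

    foreach ($svc in $Services) {
        $account = $svc.StartName
        if ([string]::IsNullOrEmpty($account)) { continue }   # no logon account recorded
        if ($builtin -contains $account)       { continue }
        if ($account -like 'NT SERVICE\*')     { continue }   # per-service virtual accounts

        # Win32_Service reports local accounts as ".\name"; group listings use "HOST\name".
        if ($account.StartsWith('.\')) {
            $account = '{0}\{1}' -f $ComputerName, $account.Substring(2)
        }

        [pscustomobject]@{
            Service      = $svc.Name
            Account      = $account
            # Direct membership only; membership through a nested group is not resolved.
            IsLocalAdmin = $LocalAdmins -contains $account
        }
    }
}

# Constructed sample data; CORP\mcafeeupdate stands in for the thread's @domain\mcafeeupdate.
$sampleServices = @(
    [pscustomobject]@{ Name = 'McTaskManager';   StartName = 'CORP\mcafeeupdate' }
    [pscustomobject]@{ Name = 'Spooler';         StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ExampleLocalSvc'; StartName = '.\svc_local' }
)
$sampleAdmins = 'WKS01\Administrator', 'CORP\Domain Admins', 'CORP\mcafeeupdate'

Get-ServiceAccountExposure -Services $sampleServices -LocalAdmins $sampleAdmins -ComputerName 'WKS01'

# On a live host, feed it real data instead of the samples:
#   $svcs   = Get-CimInstance -ClassName Win32_Service
#   $admins = (Get-LocalGroupMember -Group 'Administrators').Name
#   Get-ServiceAccountExposure -Services $svcs -LocalAdmins $admins
```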
#51848 - 2000-10-18 06:42 PM
Re: Modify Mcafee 4.x on NT to use AutoUpgrade
Shawn
Administrator
   
Registered: 1999-08-13
Posts: 8611
Bryce:

Way cool bitch'n script !!!!!!!!

I was especially interested in how you would derive your random workstation slot - you used the rnd() function. We did something similar (with nightly shutdown and reboots - not mcafee) based on the last octet of each workstation's ip address - did a little math with it and that worked out nicely too. I guess by using the rnd() function - you're getting an even distribution across all your workstations ...

Another cool script for the books !

Shawn.
#51851 - 2000-10-18 09:01 PM
Re: Modify Mcafee 4.x on NT to use AutoUpgrade
Radimus
Moderator
   
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
This is what I use for my McAfee users, but they have local admin... You'll have to assume the correct values of the variables...

code:
; ******************************* McAfee NetShield Section ***********************************
$McAfeeRegKey="HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan"
$McAfeeEngKey="HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\Tasks\Upgrade"
$McAfeeAltKey="HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AlertManager\Recipients"
$HKLMSMVSDT="HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\McShield\CurrentVersion"
$prd=readvalue("$McAfeeRegKey", "szProductVer")
$eng=readvalue("$McAfeeRegKey", "szEngineVer")
$dat=readvalue("$McAfeeRegKey", "szVirDefVer")
$Mcdate=readvalue("$McAfeeRegKey", "szVirDefDate")
$mceng=READVALUE("$McAfeeEngKey", "szUpgradeCMD")
$mcexe=READVALUE("$McAfeeRegKey", "szUpdateEXE")
$datdir=readvalue("$McAfeeRegKey","DAT")
$scanner=readvalue("$McAfeeRegKey","scan32exe")
$exts=readvalue("$HKLMSMVSDT","szProgExts")
$runscan=0
$datupdate=0
$McEngine ="4.0.70"
$DatPath="$server"+"\mcafee$$\WinNT\Update"
$EngPath="$server"+"\mcafee$$\WinNT\Upgrade"
$95McAfeeDat="4.0.4080"
$95McEngine ="4.0.70"
$95DatPath="$server"+"\mcafee$$\Win95\Update"
$95EngPath="$server"+"\mcafee$$\Win95\Upgrade"

; ****************************** Default Program Extensions Section *****************************
; will scan for viruses with VB or SHS scripting
if instr("$exts","VB?")=0
    $exts=$exts+" VB?"
    $newexts=writevalue("$HKLMSMVSDT","szProgExts","$exts","REG_SZ")
    $newexts=writevalue("$HKLMSMVSDT","szDefProgExts","$exts","REG_SZ")
    $newexts=writevalue("$HKLMSMVSDT","bScanAllFiles","0","REG_DWORD")
endif
if instr("$exts","SHS")=0
    $exts=$exts+" SHS"
    $newexts=writevalue("$HKLMSMVSDT","szProgExts","$exts","REG_SZ")
    $newexts=writevalue("$HKLMSMVSDT","szDefProgExts","$exts","REG_SZ")
    $newexts=writevalue("$HKLMSMVSDT","bScanAllFiles","0","REG_DWORD")
endif

; ********************************** Upgrade Engine Section ***********************************
? " Installed "color c+/n"McAfee NetShield "color w/n"is version " color w+/n $prd color w/n " engine "color w+/n $eng color w/n
; point the upgrade task at the server share and run it when the engine is older
if $eng<$McEngine
    $RET=WRITEVALUE("$McAfeeEngKey", "szUpdateUncLocation", "$EngPath", "REG_SZ")
    $RET=WRITEVALUE("$McAfeeEngKey", "uUpdateFrom", "1", "REG_DWORD")
    ? color g+/n" The Antivirus Program on your computer is being updated" color w/n
    shell "$engpath"+"\"+"$mceng"
    $runscan=1
endif

; ********************************** Upgrade DAT Section ***********************************
? " Installed "color c+/n"McAfee DAT "color w/n"is version " color w+/n $dat color w/n " dated " color w+/n $Mcdate color w/n
; take the four-digit DAT number from the version string
$datver1=substr("$dat",5,4)
$datver2=substr("$dat",3,4)
if instr("$datver1",".")=0
    $datver=$datver1
else
    $datver=$datver2
endif
; compare against each dat*.zip on the server until a newer one is found
$datfile=dir("$datpath\dat*.zip")
while $datfile<>"" and @error=0 and $datupdate=0
    $datfilever=substr("$datfile",5,4)
    if $datfilever>$datver
        ? color g+/n" Updating Antivirus signatures" color w/n
        $RET=WRITEVALUE("$McAfeeRegKey"+"\Tasks\Update", "szUpdateUncLocation", "$DatPath", "REG_SZ")
        $RET=WRITEVALUE("$McAfeeRegKey"+"\Tasks\Update", "uUpdateFrom", "1", "REG_DWORD")
        shell "$mcexe /task update"
        $runscan=1
        $datupdate=1
        ; ********************************* Alert Recipients Section *********************************
        $Rep='Priority Level:"1" Type:"Network Message" Recipient:"\\'
        $ret=writevalue("$McAfeeAltKey","Recipient0","$rep"+$dcsa+chr(34),"REG_SZ")
        $ret=delvalue("$McAfeeAltKey","Recipient1")
    endif
    $datfile=dir()
loop

; ************************************* Extra DAT Section ************************************
$dattime=comparefiletimes("$datpath"+"\extra.dat","$datdir"+"extra.dat")
if $dattime=-3 or $dattime=1
    ; McShield is stopped while extra.dat is replaced
    shell("%comspec% /c net stop mcshield >nul")
    copy "$datpath"+"\extra.dat" "$datdir"
    if @error=0
        ? color g+/n " Extra Dat loaded" color w/n
        $runscan=1
    endif
    shell("%comspec% /c net start mcshield >nul")
endif

; ********************************** Run Silent Scan Section **********************************
if $runscan=1
    run ("$scanner"+" /uinone /clean /delete /exit")
    ? color g+/n " Starting Virus Scan" color w/n
endif
#51852 - 2000-10-19 08:59 AM
Re: Modify Mcafee 4.x on NT to use AutoUpgrade
Anonymous
Anonymous
Unregistered
Hya Folks..,

Since we are all sharing our VSCan update scripts.. Every Thursday or Friday I download the current sdat4xxx.exe file, rename it to sdat4x.exe and place it in @LDRIVE\VSCAN directory. All users have Local Admin Rights.

IF EXISTKEY("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\")=0
  IF READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\","szProductVer")="4.0.3a"
    ; expected DAT number derived from the day of the year
    $CurrentVersion=VAL("@YDAYNO")/7+58
    $szVirDefVer=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\","szVirDefVer")
    ; last two digits of the installed DAT version
    $InstallVersion=VAL(SUBSTR($szVirDefVer,LEN($szVirDefVer)-1,2))
    IF $CurrentVersion>$InstallVersion
      SHELL 'CMD /X/C "START @LDRIVE\VScan\sdat4x.exe /silent /logfile C:\TEMP\virusscan\reports\SuperDat.log"'
    ENDIF
  ENDIF
  ; alert recipients: this workstation and \\VSReport
  $Recipient1="Priority Level:"+CHR(34)+"1"+CHR(34)+" Type:"+CHR(34)+"Network Message"+CHR(34)+" Recipient:"+CHR(34)+"\\@WKSTA"+CHR(34)
  $Recipient2="Priority Level:"+CHR(34)+"1"+CHR(34)+" Type:"+CHR(34)+"Network Message"+CHR(34)+" Recipient:"+CHR(34)+"\\VSReport"+CHR(34)
  $nul=DELKEY("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AlertManager\Recipients")
  $nul=ADDKEY("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AlertManager\Recipients")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AlertManager\Recipients","Recipient1","$Recipient1","REG_SZ")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AlertManager\Recipients","Recipient2","$Recipient2","REG_SZ")
  ; file extensions McShield scans
  $Extentions="386 BA? BIN CMD COM CS? DEV DLL DO? EXE GIF HT? INI JS? MD? MP? OLE OVL POT PP? RTF SC? SHS SYS TMP TXT VB? VIR VXD WBK WRI WSH XL? XTP"
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\McShield\CurrentVersion","szDefProgExts","$Extentions","REG_SZ")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\McShield\CurrentVersion","szProgExts","$Extentions","REG_SZ")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\McShield\CurrentVersion","szLogFileName","C:\TEMP\virusscan\reports\VScan.log","REG_SZ")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\McShield\CurrentVersion","uAction","2","REG_DWORD")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\McShield\CurrentVersion","bFileCacheEnabled","1","REG_DWORD")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan\McShield\CurrentVersion","bCanBeDisabled","0","REG_DWORD")
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\VirusScan","szSerialNum","E000-28VG-KKS7","REG_SZ")
  ; service dependencies
  $nul=WRITEVALUE("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McTaskManager","DependOnService","LanmanWorkstation|","REG_MULTI_SZ")
  $nul=DELVALUE("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlertManager","DependOnService")
  $nul=DELVALUE("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield","DependOnService")
ENDIF ; end of the EXISTKEY check

------------------
Hope to be of service..,
Fabian.

-----------------Paranoia is reality on a finer scale-----------------