|
|
|||||||
This is the script that I use to set up management upon login of SAV 10 clients; in this way, if they move from site to site, they will always be managed and get their updates. Replace agyxxx with your server name. The message boxes can be changed to whatever you want for warnings.

```
$homedir="%windir%"
$systemdir=$homedir + "\SYSTEM32"

:checkinstallation
$checkinstall=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine4", "ProductVersion")
IF $checkinstall=""
  ;Symantec antivirus not installed
  $rc=MessageBox ("Symantec Antivirus is not installed, Please see your techspecialist to get it installed", "Server Compliance Notice")
  Goto End
Else
  goto checksavverversion
ENDIF

:checksavverversion
$checksavver=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine4", "ProductVersion")
IF $checksavver="8.0"
  ;Symantec Version 8.0
  $rc=MessageBox ("Your Symantec Antivirus Version is $checksavver, Please see your techspecialist to get upgraded to version 10", "Incorrect version of Symantec Antivirus Detected")
  Goto End
Else
  ;Symantec version 10.0
  ;MessageBox ("Symantec Antivirus Version is $checksavver", "Sav Version")
ENDIF

:checkappdata
$checkappdatapath=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common AppData")
$rc=MessageBox ("Your Application Path is $checkappdatapath", "Application Data Path is")

:checkinstallpath
$checkinstallationpath=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion", "Home Directory")
$rc=MessageBox ("Your Application Path is $checkinstallationpath", "Home Directory Path is")

:checkdir
;This section checks to see if the local workstation path for the grc exists for symantec 10.0
$workstationfolderpath = "$checkappdatapath\Symantec\Symantec AntiVirus Corporate Edition\7.5"
If Exist ($workstationfolderpath)
  ;MessageBox ("Directory Exists, and is $workstationfolderpath", "Debug")
  ;now that I have the correct directory structure, I can continue
  ;this jumps past :delfiles and :delfiles1, so the COPY in :checkserver
  ;overwrites any existing grc.dat instead of deleting it first
  goto checkserver
Else
  $rc=MessageBox ("Directory Does not Exist, and is $workstationfolderpath", "Debug")
  ;what this means is that sav was installed but currently there is no directory structure left.
  goto end
EndIf

:delfiles
$grcfile = "grc.dat"
$grcfull = $workstationfolderpath + "\" + $grcfile
;MessageBox ("$grcfull", "Grc.dat File Check")
;only delete when the file is actually there
If Not Exist ("$workstationfolderpath\$grcfile")
  ;MessageBox ("File Does Not Exist, and is $workstationfolderpath\$grcfile", "Grc.dat File Check")
ELSE
  ;MessageBox ("File Exists", "Grc.dat File Check")
  del "$workstationfolderpath\grc.dat" /f
ENDIF

:delfiles1
$cerfile = "*.cer"
$cerfull = $workstationfolderpath + "\" + $cerfile
;MessageBox ("$cerfile", "cer File Check")
;MessageBox ("$cerfull", "cer File Check")
If Not Exist ("$checkinstallationpath\pki\roots\*.cer")
  ;MessageBox ("File Does Not Exist, and is $checkinstallationpath\pki\roots\*.cer", "*.cer File Check")
ELSE
  ;MessageBox ("File Does Not Exist", "Grc.dat File Check")
  ;del "$checkinstallationpath\pki\roots\$cerfile" /f
ENDIF

:checkserver
;This section will then check if it can see the server \\AGYXXX\vphome directory
;To copy the grc.dat file down (grc.dat should be in \\AGYXXX\vphome
$ServerFolderPath = "\\AGYXXX\VPHOME\"
If Exist ($ServerFolderPath)
  ;MessageBox ("Folder exist!", "Debug")
  ;if the folder exists then it will commence the copy
  COPY "\\AGYXXX\vphome\grc.dat" "$checkappdatapath\Symantec\Symantec AntiVirus Corporate Edition\7.5" /r
  COPY "\\AGYXXX\vphome\*.cer" "$checkinstallationpath\pki\roots" /r
  ;if it can't find the file it will continue on error
Else
  ;no rights to the server
  ;MessageBox ("Folder Doesn't Exist!", "Debug")
  goto end
EndIf

:End
```
|
||||||||
|
|
|||||||
Thanks for the script. Please edit your post and add code tags to preserve indenting. |
||||||||
|
|
|||||||
mobious, I could be mistaken, but I don't think you can as easily manage clients like this anymore by just copying a GRC.DAT file, as version 10 now uses PKI certificates, I think, to ensure that clients don't move accidentally between sites as they did in the past for mobile travelers. This also helps to ensure integrity between servers and clients. I would do some more testing and/or speak with Symantec Technical Support to ensure this method will work correctly for you. |
||||||||
|
|
|||||||
This takes care of the PKI certificate; it will wipe the file out and copy the new one down from the local server. I am going to update this to a newer version in about 15 minutes. |
||||||||
|
|
|||||||
Here's the final script. One caveat here: you have to give the Everyone group rights to the C:\Program Files\Symantec AntiVirus\pki\roots. I gave them list and read rights, not read & execute. This will allow the certificate copy. Code:
Edited by NTDOC to place within Code Tags |
||||||||
|
|
|||||||
mobious, I modified your post to place your code within the CODE TAGS so as to preserve the formatting. Please take the time to learn how to use the UBB code tags, which will make it much easier for others to read your code. That said, you should take a look at trying to remove the use of GOTO, as it is generally accepted as a deprecated command. If you would like assistance with removing that type of coding, let us know and I'm sure someone will post to demonstrate a better method. |
||||||||
|
|
|||||||
Is there any way to check Symantec Corporate Edition to see the subversion beyond 10.1? The registry key mentioned here only displays 10.1. If you've seen some of the recent activity around 10.1 you'd know that certain versions prior to 10.1.4.4000 (?) had a vulnerability that modern viruses could attack. For that reason I would like to deploy newer versions based on the current full version string. Any ideas? |
||||||||
|
|
|||||||
Well I'm not sure and can't really check right now as I don't run AV on my home computers. When I get back into the office I'll see what I can find when I get time. |
||||||||
|
|
|||||||
Never mind, the GetNavAntiVirusInfo UDF reports the full version string. I just tested it on SAV 10.1.4.4000 and v4.53. |
||||||||
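Added example, not part of any post in this thread: once the full version string is available (the post above gets it from the GetNavAntiVirusInfo UDF), a login script can compare it field by field against the 10.1.4.4000 level discussed here, and treat a truncated value such as the registry's "10.1" as undecided rather than guessing. `VersionStatus`, the messages and the sample list are hypothetical names and constructed inputs; how the string is read is left to the caller.

```kixtart
; Added example: names and sample values below are hypothetical/constructed.
; VersionStatus returns  1 = at or above baseline
;                       -1 = below baseline
;                        0 = cannot tell: the reported string ends before any
;                            difference is found ("10.1" against "10.1.4.4000")
Function VersionStatus($reported, $baseline)
  Dim $r, $b, $i, $x, $y, $done
  $r = Split($reported, ".")
  $b = Split($baseline, ".")
  $VersionStatus = 1                  ; every baseline field matched: equal, so compliant
  $done = 0
  $i = 0
  While ($i <= UBound($b)) And ($done = 0)
    If $i > UBound($r)
      $VersionStatus = 0              ; reported string is truncated, do not guess
      $done = 1
    Else
      $x = Val($r[$i])                ; numeric compare per field, so 10 > 4
      $y = Val($b[$i])                ; (as strings, "10" sorts before "4")
      If $x > $y
        $VersionStatus = 1
        $done = 1
      EndIf
      If $x < $y
        $VersionStatus = -1
        $done = 1
      EndIf
    EndIf
    $i = $i + 1
  Loop
EndFunction

$baseline = "10.1.4.4000"             ; level named in this thread
; Constructed inputs: "10.1.10.1" is made up to show the numeric compare
$samples = Split("8.0,10.1,10.1.4.4000,10.1.5.5010,10.1.10.1", ",")
For Each $v In $samples
  $s = VersionStatus($v, $baseline)
  Select
    Case $s = 1
      $msg = "meets baseline"
    Case $s = -1
      $msg = "below baseline, schedule upgrade"
    Case 1
      $msg = "truncated value, read the full version string first"
  EndSelect
  ? $v + " : " + $msg
Next
```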
|
|
|||||||
Current SAV CE version is 10.1.5.5010, even .4000 is "old". |
||||||||
|
|
|||||||
Originally Posted By: NTDOC I don't run AV on my home computers. Please make sure you don't have any old emails from me or my addy in your contacts. |
||||||||
|
|
|||||||
Sealeopard, you are correct. However, we do a test and approval of all new versions and currently we have only approved 10.1.4.4000. We are trying to get the entire enterprise on one current version before moving on. Currently the firewalls are all over the place in terms of management and policies, so remote deployment was hindered. Bringing me to login script again. |
||||||||
|
|
|||||||
GetNavAntiVirusInfo() does not work for the new SAV 11 (Symantec End Point). Any chance someone is going to update it? Thanks. |
||||||||
|
|
|||||||
Well, it doesn't work, or you have the firewall enabled now on your workstations? Version 10 did not have a firewall. Version 11 has a firewall and I bet it's on by default, which means many remote scripts or tools will fail if you don't either disable it or at least open the appropriate ports. I got an e-mail from Symantec to upgrade but have not done it yet and not sure if or when I will. AV 10 has more than enough capabilities for us at this time and I don't see the need for 11 and all its bells and whistles (i.e. less available resources for the workstation). A pig it is (but then again so is McAfee and others nowadays). I suppose they think every system on the network has 2GB of RAM and is running a dual CPU. (We still run some with PIII and 256MB RAM on MFG line as it does what it needs to do.) If you can confirm that it's not due to firewall and that they have in fact changed their main registry keys, then please let me know and when I have time I'll look at updating the code. |
||||||||
|
|
|||||||
Yes, I have disabled all the firewalls. It looks like they have finally got rid of all the Landesk keys. Here is an export of my HKLM Symantec, Symantec Endpoint Protection key. |
||||||||
|
|
|||||||
Here is the File, |
||||||||
|
|
|||||||
Originally Posted By: scott_s Yes I have disabled all the firewalls, It looks like they have finally got rid of all the Landesk Keys, Here is an export of my HKLM symantec,Symantec Endpoint Protection key. Well, so it is all new. Sort of scary since this is a NEW method, version for Symantec. I think I'll wait for the dust to clear for sure before an update. So did you have to remove the old 10.x Corporate Clients, or how did that go? Not sure when, but I'll look at creating a new script. Thanks for the download zip information. Looking at the code though, it "looks" like your firewall is on maybe? Quote: [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\TSE] "WindowsFirewallState"=dword:00000001 |
||||||||
|
|
|||||||
Doc, if all goes according to plan we'll be installing Symantec Endpoint Protection 11.x in the next month or so (need to renew our license and 10.x is no longer available). I'll do a test system first and let you know how and what, or maybe I'll post an adapted version of the UDF so it works on 11. |
||||||||
|
|
|||||||
Thanks Mart. Yeah I'm just not too keen on switching over to a NEW product like that and as said I really think all this "Internet Security Suite" junk is HYPE - OVERKILL stuff anyways. But as with Microsoft sooner or later I'll be forced to upgrade I'm sure :-( Look forward to seeing your results. |
||||||||
|
|
|||||||
Just looked at the offer we got from our reseller and the features the quoted app has and it seems to be Symantec Multi Tier Protection (the all in version of endpoint security) but the basics are the same just some added stuff for Exchange, Lotus Domino and SMTP protection. |
||||||||
|
|
|||||||
I upgraded from Symantec 10.x Enterprise to the Multi Tier. It is a major upgrade: different console, different looking client. But you can change all the settings based on policy, so you can turn off all the extra junk. I have it installed on about 10 of the 300 computers here. There is no different server vs. client install now, all the same. I have been using this product since Intel owned it and this is the biggest change in an upgrade I have seen. Sorta like the SMS SMTP Gateway 4.0 to 5.0 upgrade. |