#162230 - 2006-05-22 05:26 PM Symantec 10 Management script
mobious Offline
Fresh Scripter

Registered: 2002-03-20
Posts: 11
This is the script that I use to set up management upon login of SAV 10 clients. This way, if they move from site to site, they will always be managed and get their updates.

Replace agyxxx with your servername

The messageboxes can be changed to whatever you want for warnings.





$homedir="%windir%"
$systemdir=$homedir + "\SYSTEM32"

:checkinstallation
$checkinstall=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine4", "ProductVersion")
IF $checkinstall=""
;Symantec antivirus not installed
MessageBox ("Symantec Antivirus is not installed, Please see your techspecialist to get it installed", "Server Compliance Notice")
Goto End
Else
goto checksavverversion
ENDIF

:checksavverversion
$checksavver=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine4", "ProductVersion")
IF $checksavver="8.0"
;Symantec Version 8.0
MessageBox ("Your Symantec Antivirus Version is $checksavver, Please see your techspecialist to get upgraded to version 10", "Incorrect version of Symantec Antivirus Detected")
Goto End
Else
;Symantec version 10.0
;MessageBox ("Symantec Antivirus Version is $checksavver", "Sav Version")
ENDIF

:checkappdata
$checkappdatapath=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common AppData")
MessageBox ("Your Application Path is $checkappdatapath", "Application Data Path is")

:checkinstallpath
$checkinstallationpath=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion", "Home Directory")
MessageBox ("Your Application Path is $checkinstallationpath", "Home Directory Path is")

:checkdir
;This section checks to see if the local workstation path for the grc exists for symantec 10.0
$workstationfolderpath = "$checkappdatapath\Symantec\Symantec AntiVirus Corporate Edition\7.5"
If Exist ($workstationfolderpath)
;MessageBox ("Directory Exists, and is $workstationfolderpath", "Debug")
;now that I have the correct directory structure, I can continue
goto checkserver
Else
MessageBox ("Directory Does not Exist, and is $workstationfolderpath", "Debug")
;what this means is that sav was installed but currently there is no directory structure left.
goto end
EndIf

:delfiles
$grcfile = "grc.dat"
$grcfull = $workstationfolderpath + "\" + $grcfile
;MessageBox ("$grcfull", "Grc.dat File Check")
If Not Exist ("$workstationfolderpath\$grcfile")
;MessageBox ("File Does Not Exist, and is $workstationfolderpath\$grcfile", "Grc.dat File Check")
ELSE
;MessageBox ("File Exists", "Grc.dat File Check")
del "$workstationfolderpath\grc.dat" /f
ENDIF

:delfiles1
$cerfile = "*.cer"
$cerfull = $checkinstallationpath + "\pki\roots\" + $cerfile
;MessageBox ("$cerfile", "cer File Check")
;MessageBox ("$cerfull", "cer File Check")
If Not Exist ("$checkinstallationpath\pki\roots\*.cer")
;MessageBox ("File Does Not Exist, and is $checkinstallationpath\pki\roots\*.cer", "*.cer File Check")
ELSE
;MessageBox ("File Does Not Exist", "Grc.dat File Check")
;del "$checkinstallationpath\pki\roots\$cerfile" /f
ENDIF

:checkserver
;This section will then check if it can see the server \\AGYXXX\vphome directory
;To copy the grc.dat file down (grc.dat should be in \\AGYXXX\vphome
$ServerFolderPath = "\\AGYXXX\VPHOME\"
If Exist ($ServerFolderPath)
;MessageBox ("Folder exist!", "Debug");if the folder exists then it will commence the copy
COPY "\\AGYXXX\vphome\grc.dat" "$checkappdatapath\Symantec\Symantec AntiVirus Corporate Edition\7.5" /r
COPY "\\AGYXXX\vphome\*.cer" "$checkinstallationpath\pki\roots" /r
;if it can't find the file it will continue on error
Else
;no rights to the server
;MessageBox ("Folder Doesn't Exist!", "Debug")
goto end
EndIf

:End

Top
#162231 - 2006-05-22 07:10 PM Re: Symantec 10 Management script
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Thanks for the script. Please edit your post and add code tags to preserve indenting.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#162232 - 2006-05-22 07:22 PM Re: Symantec 10 Management script
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
mobious, I could be mistaken but I don't think you can as easily manage clients like this anymore by just copying a GRC.DAT file as version 10 now uses PKI Certificates I think to ensure that clients don't move accidentally between sites as they did in the past for mobile travelers.
This also helps to ensure integrity between servers and clients.

I would do some more testing and/or speak with Symantec Technical Support to ensure this method will work correctly for you.
 

Top
#162233 - 2006-05-22 08:18 PM Re: Symantec 10 Management script
mobious Offline
Fresh Scripter

Registered: 2002-03-20
Posts: 11
This takes care of the PKI certificate; it will wipe the file out and copy the new one down from the local server.

I am going to update this to a newer version in about 15 minutes.

Top
#162234 - 2006-05-22 09:32 PM Re: Symantec 10 Management script
mobious Offline
Fresh Scripter

Registered: 2002-03-20
Posts: 11
Here's the final script.

One caveat here: you have to give the Everyone group rights to
C:\Program Files\Symantec AntiVirus\pki\roots
I gave them list and read rights, not read & execute.

This will allow the certificate copy.

Code:

$homedir="%windir%"
$systemdir=$homedir + "\SYSTEM32"

:checkinstallation
$checkinstall=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine4", "ProductVersion")
IF $checkinstall=""
    ;Symantec antivirus not installed
    ;MessageBox ("Symantec Antivirus is not installed, Please see your techspecialist to get it installed", "Server Compliance Notice")
    Goto End
Else
    goto checksavverversion
ENDIF

:checksavverversion
$checksavver=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdate\CmdLines\CmdLine4", "ProductVersion")
IF $checksavver="8.0"
    ;Symantec Version 8.0
    ;MessageBox ("Your Symantec Antivirus Version is $checksavver, Please see your techspecialist to get upgraded to version 10", "Incorrect version of Symantec Antivirus Detected")
    Goto End
Else
    ;Symantec version 10.0
    ;MessageBox ("Symantec Antivirus Version is $checksavver", "Sav Version")
ENDIF

:checkappdata
$checkappdatapath=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders", "Common AppData")
;MessageBox ("Your Application Path is $checkappdatapath", "Application Data Path is")

:checkinstallpath
$checkinstallationpath=READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion", "Home Directory")
;MessageBox ("Your Install Path is $checkinstallationpath", "Home Directory Path is")

:checkdir
;This section checks to see if the local workstation path for the grc exists for symantec 10.0
$workstationfolderpath = "$checkappdatapath\Symantec\Symantec AntiVirus Corporate Edition\7.5"
;MessageBox ("Default Grc path is $workstationfolderpath", "Workstation folder path")
If Exist ($workstationfolderpath)
    ;MessageBox ("Grc Directory Exists, and is $workstationfolderpath", "Debug")
    ;now that I have the correct directory structure, I can continue
    goto delfiles
Else
    ;MessageBox ("Grc Directory Does not Exist, and is $workstationfolderpath", "Debug")
    ;what this means is that sav was installed but currently there is no directory structure left.
    goto end
EndIf

:delfiles
$grcfile = "grc.dat"
$grcfull = $workstationfolderpath + "\" + $grcfile
;MessageBox ("Grc path is $grcfull", "Grc.dat File Check")
If EXIST ($grcfull)
    ;MessageBox ("File Exists", "Grc.dat File Check")
    del $grcfull
ELSE
    ;MessageBox ("File Does Not Exist, and is $grcfull", "Grc.dat File Check")
ENDIF

:delfiles1
$cerfile = "*.cer"
;same pki\roots path as the COPY destination below
$cerfull = $checkinstallationpath + "\pki\roots\" + $cerfile
;MessageBox ("$cerfile", "cer File Check")
;MessageBox ("The full path for the certificate file is $cerfull", "cer File Check")
If EXIST ($cerfull)
    ;MessageBox ("File Exists", "*.cer File Check")
    del $cerfull
ELSE
    ;MessageBox ("File Does Not Exist, and is $cerfull", "*.cer File Check")
ENDIF

:checkserver
;This section will then check if it can see the server \\AGYxxx\vphome directory
;To copy the grc.dat file down (grc.dat should be in \\AGYxxx\vphome)
;Replace AGYxxx with your servername; the check and both copies use the same path
$ServerFolderPath = "\\AGYxxx\VPHOME"
If Exist ($ServerFolderPath)
    ;if the folder exists then it will commence the copy
    MessageBox ("Server Folder Path exists!", "Sav Path on server")
    COPY "$ServerFolderPath\grc.dat" "$checkappdatapath\Symantec\Symantec AntiVirus Corporate Edition\7.5" /r
    COPY "$ServerFolderPath\pki\roots\*.cer" "$checkinstallationpath\pki\roots" /r
    ;if it can't find the file it will continue on error
Else
    ;no rights to the server
    ;MessageBox ("Sav Folder on server Doesn't Exist!", "Sav Path on server")
    goto end
EndIf


:End



Edited by NTDOC to place within Code Tags


Edited by NTDOC (2006-05-22 10:09 PM)
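
The final script copies whatever `*.cer` files the share offers into the client's `pki\roots` folder, and the caveat above grants the Everyone group rights on that folder. As an added example (not part of mobious's post and not Symantec tooling), this PowerShell copies only certificates whose SHA-256 matches a pinned list and lists any ACE that lets Everyone write to the folder; `AGYxxx`, the hash entry and both function names are placeholders chosen here.

```powershell
# Added example. AGYxxx, the hash entry and both function names are placeholders.
$ServerRoots  = '\\AGYxxx\vphome\pki\roots'
$LocalRoots   = 'C:\Program Files\Symantec AntiVirus\pki\roots'  # path quoted in the post
$PinnedSha256 = @('<SHA256-OF-EXPECTED-ROOT-CER>')               # recorded out of band

function Copy-PinnedRootCert {
    param(
        [Parameter(Mandatory)] [string]   $Source,
        [Parameter(Mandatory)] [string]   $Destination,
        [Parameter(Mandatory)] [string[]] $AllowedSha256
    )
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $copied = @()
    foreach ($cer in Get-ChildItem -Path $Source -Filter '*.cer' -File) {
        # Read once, hash those bytes, write those same bytes: the file on the
        # share cannot change between the check and the copy.
        $bytes = [System.IO.File]::ReadAllBytes($cer.FullName)
        $hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
        if ($AllowedSha256 -contains $hash) {
            [System.IO.File]::WriteAllBytes((Join-Path $Destination $cer.Name), $bytes)
            $copied += $cer.Name
        } else {
            Write-Warning "Not copied: $($cer.Name) (SHA-256 $hash is not pinned)"
        }
    }
    $sha.Dispose()
    return $copied
}

function Get-EveryoneWriteAce {
    param([Parameter(Mandatory)] [string] $Path)
    # Rights that let a principal add, replace or re-permission files in the folder
    $mask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and      # well-known SID for Everyone
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $mask) -ne 0)
    }
}

$copied = Copy-PinnedRootCert -Source $ServerRoots -Destination $LocalRoots -AllowedSha256 $PinnedSha256
"Copied: $($copied -join ', ')"
Get-EveryoneWriteAce -Path $LocalRoots | Format-List IdentityReference, FileSystemRights, IsInherited
```

With the placeholder hash left in place nothing is copied and every certificate on the share is reported with its computed SHA-256, which is a convenient way to record the values to pin after confirming them with the server's administrator.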

Top
#162235 - 2006-05-22 10:13 PM Re: Symantec 10 Management script
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
mobious,

I modified your post to place your code within the CODE TAGS so as to preserve the formatting.

Please take the time to learn how to use the UBB code tags
which will make it much easier for others to read your code.

That said,
You should take a look at trying to remove the use of GOTO as it is generally accepted as a deprecated command.

If you would like assistance with removing that type of coding let us know and I'm sure someone will post to demonstrate a better method.

Top
#173027 - 2007-01-21 08:41 AM Re: Symantec 10 Management script [Re: NTDOC]
Megabit Offline
Fresh Scripter

Registered: 2007-01-21
Posts: 13
Loc: Miami, FL
Is there any way to check Symantec Corporate Edition to see the subversion beyond 10.1? The registry key mentioned here only displays 10.1

If you've seen some of the recent activity around 10.1 you'd know that certain versions prior to 10.1.4.4000 (?) had a vulnerability that modern viruses could attack. For that reason I would like to deploy newer versions based on the current full version string. Any ideas?

Top
#173029 - 2007-01-21 09:18 AM Re: Symantec 10 Management script [Re: Megabit]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Well I'm not sure and can't really check right now as I don't run AV on my home computers. When I get back into the office I'll see what I can find when I get time.
Top
#173032 - 2007-01-21 09:50 AM Re: Symantec 10 Management script [Re: NTDOC]
Megabit Offline
Fresh Scripter

Registered: 2007-01-21
Posts: 13
Loc: Miami, FL
Never mind, the GetNavAntiVirusInfo UDF reports the full version string. I just tested it on SAV 10.1.4.4000 and v4.53
Top
#173033 - 2007-01-21 02:39 PM Re: Symantec 10 Management script [Re: Megabit]
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Current SAV CE version is 10.1.5.5010, even .4000 is "old".
_________________________
There are two types of vessels, submarines and targets.

Top
#173034 - 2007-01-21 04:31 PM Re: Symantec 10 Management script [Re: NTDOC]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Originally Posted By: NTDOC
I don't run AV on my home computers.
:o
Please make sure you don't have any old emails from me or my addy in your contacts.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#173035 - 2007-01-21 08:22 PM Re: Symantec 10 Management script [Re: Les]
Megabit Offline
Fresh Scripter

Registered: 2007-01-21
Posts: 13
Loc: Miami, FL
Sealeopard,

You are correct. However, we do a test and approval of all new versions and currently we have only approved 10.1.4.4000. We are trying to get the entire enterprise on one current version before moving on. Currently the firewalls are all over the place in terms of management and policies so remote deployment was hindered. Bringing me to login script again.

Top
#181833 - 2007-10-22 11:47 PM Re: Symantec 10 Management script [Re: Sealeopard]
scott_s Offline
Fresh Scripter

Registered: 2004-06-15
Posts: 15
GetNavAntiVirusInfo() does not work for the New SAV 11 (Symantec End Point)
Any chance someone is going to update it?

thanks

Top
#181834 - 2007-10-23 12:09 AM Re: Symantec 10 Management script [Re: scott_s]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Well it doesn't work or you have the Firewall enabled now on your workstations?

Version 10 did not have a firewall. Version 11 has a firewall and I bet it's on by default which means many remote scripts or tools will fail if you don't either disable it or at least open the appropriate ports.

I got an e-mail from Symantec to upgrade but have not done it yet and not sure if or when I will. AV 10 has more than enough capabilities for us at this time and I don't see the need for 11 and all its Bells and Whistles (i.e. less available resources for the workstation).
A pig it is (but then again so is McAfee and others nowadays). I suppose they think every system on the network has 2GB of RAM and is running a Dual CPU (We still run some with PIII and 256MB RAM on MFG line as it does what it needs to do)

If you can confirm that it's not due to firewall and that they have in fact changed their main REGISTRY keys then please let me know and when I have time I'll look at updating the code.

Top
#181862 - 2007-10-23 05:33 PM Re: Symantec 10 Management script [Re: NTDOC]
scott_s Offline
Fresh Scripter

Registered: 2004-06-15
Posts: 15
Yes, I have disabled all the firewalls. It looks like they have finally got rid of all the Landesk keys. Here is an export of my HKLM Symantec, Symantec Endpoint Protection key.
Top
#181863 - 2007-10-23 05:35 PM Re: Symantec 10 Management script [Re: scott_s]
scott_s Offline
Fresh Scripter

Registered: 2004-06-15
Posts: 15
Here is the File,

Attachments
sep.zip (459 downloads)
Description:




Edited by scott_s (2007-10-23 06:29 PM)

Top
#181873 - 2007-10-23 11:02 PM Re: Symantec 10 Management script [Re: scott_s]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
 Originally Posted By: scott_s
Yes, I have disabled all the firewalls. It looks like they have finally got rid of all the Landesk keys. Here is an export of my HKLM Symantec, Symantec Endpoint Protection key.


Well so it is all new. Sort of scary since this is a NEW method, version for Symantec I think I'll wait for the dust to clear for sure before an update.

So did you have to remove the old 10.x Corporate Clients or how did that go?

Not sure when but I'll look at creating a new script. Thanks for the download zip information.

Looking at the code though it "looks" like your firewall is on maybe?

 Quote:
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\TSE]
"WindowsFirewallState"=dword:00000001


Top
#181876 - 2007-10-23 11:12 PM Re: Symantec 10 Management script [Re: NTDOC]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Doc,

If all goes according to plan we'll be installing Symantec Endpoint Protection 11.x in the next month or so (need to renew our license and 10.x is no longer available). I'll do a test system first and let you know how and what or maybe I'll post an adapted version of the UDF so it works on 11.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#181883 - 2007-10-24 09:17 AM Re: Symantec 10 Management script [Re: Mart]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Thanks Mart. Yeah I'm just not too keen on switching over to a NEW product like that and as said I really think all this "Internet Security Suite" junk is HYPE - OVERKILL stuff anyways. But as with Microsoft sooner or later I'll be forced to upgrade I'm sure :-(

Look forward to seeing your results.

Top
#181886 - 2007-10-24 09:39 AM Re: Symantec 10 Management script [Re: NTDOC]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Just looked at the offer we got from our reseller and the features the quoted app has and it seems to be Symantec Multi Tier Protection (the all in version of endpoint security) but the basics are the same just some added stuff for Exchange, Lotus Domino and SMTP protection.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top