Endpoint Protection

 View Only

  • 1.  A way to create a scan via the registry

    Posted Jun 02, 2009 03:08 PM
    Does anyone know if it is possible to create a daily scan via the registry as opposed to the Endpoint GUI?  I have to send out a script with the Endpoint installation and need to configure scans, so the GUI is not possible in my case. 

    I thought I could just create the task under Custom Tasks and then under TaskPadScheduler, but it is not showing up in the GUI.  I have replicated the keys that exist for a scan that I made with the GUI, but no luck.  Clearly I am missing something, but I am not sure what.  Any ideas?

    Thank you.


  • 2.  RE: A way to create a scan via the registry

    Posted Jun 02, 2009 03:36 PM
    I am not at all sure but for testing you can test this
    Once you create a scheduled scasn it creates a registry entry with a name
    some like
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\
    5df13630-79f7-4c70-002b-16b8952f5533---Where this last one with random hex digit is they folder created for that scan.

    what if you exported this whole folder and imported on a test machine. Does this work ?? 


  • 3.  RE: A way to create a scan via the registry

    Posted Jun 04, 2009 10:35 AM
    I tried exporting and importing the registry keys, and it did work.  I think the problem was I created the keys under HKLM and Current_User, but not under the SIDs in HKEY_USERS.  I am going to try adding them there so hopefully I can just script it without the use of an outside file.  I'll let you know how it goes.

    Thanks.


  • 4.  RE: A way to create a scan via the registry

    Posted Jun 04, 2009 01:35 PM
     Please do let us know how it goes..I love playing playing around with SAV and SEP  registry keys..


  • 5.  RE: A way to create a scan via the registry
    Best Answer

    Posted Jun 08, 2009 04:58 PM
    I got it working.  Vikram got me going in the right direction by exporting and then importing the registry keys from a scan I created manually.  Apparently, you need to create keys under HKLM, HKEY_USERS, and HKEY_Current_User.  I got stick for a little while because I tried to copy (and thought I succeeded in copying) the hex digit created when I manually set up the scans.  I used that as the reference for my scripted scans, but when I ran the script, even though the keys were created, nothing appeared in the Endpoint GUI.  Finally I realized that I was two digits short for each hex number, and that is why the script was not creating the scans.  I added two random number to the end of each, and now it works like a charm.

    I don't really recommend this process to anyone - just creating the necessary keys and settings for two different scans under HKEY_USERS bit took about 150 lines of code (and that doesn't include all of the other settings I had to do).  But if you have no other choice (as in my case) it is good to know this works.