Client Management Suite

I am working in the Symantec Management Console 7.6 and creating a managed software delivery for Symantec Endpoint Protection 12.1.6 to be installed on Macs. I created the software package just fine but the detection rule is not running properly. When the schedule runs to install the software the detection rule runs no matter if the software is already installed or not. Below is a screenshot of the rule. Is there something I need to change so the detection rule actually detects if the software is installed or not?

Hi bspore,

what you mean about:

• the detection rule runs no matter if the software is already installed or not

If schedule triggers, then detection rule will always run to identify whether software is already installed or not and then according to results it determines whether it "Compliant" or "Not Compliant" to download software package and install it or not.

1. Why you think that detection rule should not run on schedule for package installation?
2. Or you mean about something another, like detection rule doesn't detect that this soft is already installed and provides incorrect compliance state?

Thanks,

IP.

I should have explained that better. I understand the detection rule is supposed to run on schedule. The rule is not detecting if the software is already installed and provides the incorrect compliance state. This causes the software to be installed over and over again when the schedule runs.

Have you checked, using command line "pkgutil" on Mac, whether installed product has the same name and version as it is specified in detection rule or not?

Hi,

There rule that was generated for SEP during import is not what you want. It applies to SEP isntaller (installer app - the application that installs SEP ). What you want is SEP packages. You can generate custom detection rule for sep packages. For that you should take next actions:

1. Run pkgutil --pkgs  | grep -i symantec on mac machine where sep is isntalled - this will show you pkg id of all symantec isntalled packages

2. For each package run pkgutil --pkg-info <pkgid> - this will show you exact version of package

3. Based on that info you can create detection rule using pkgid(from step 1) as package name and version (from step 2). You may  have  as many expressions in one detection rules as many packages you want to detect.

Thanks,

AndreiF

I ran the command  pkgutil --pkgs  | grep -i symantec and this is result:

AltNetBoot109:~ root# pkgutil --pkgs | grep -i symantec

com.Symantec.AutomationUtility

com.Symantec.DeploymentSolutionAgent

com.symantec.errorreporting.install

com.symantec.firewall.framework.install

com.symantec.firewall.framework.install.Universal

com.symantec.ips.framework.install.Universal

com.symantec.ips.install

com.symantec.ips.install.Universal

com.symantec.licensing.install

com.symantec.licensing.install.Universal

com.Symantec.LiveUpdate.install

com.Symantec.LiveUpdate.install.Universal

com.Symantec.mocu.MOCUApp.pkg

com.symantec.navautoprotect.install

com.symantec.navautoprotect.install.Universal

com.symantec.personalfirewall.framework.install

com.symantec.personalfirewall.framework.install.Universal

com.symantec.pkg.symQuickMenu

com.symantec.pkg.symQuickMenu.Universal

com.symantec.sep.migratesettings

com.symantec.sepapplication

com.symantec.sepplugin.install

com.symantec.sepsmallscannerapp.install

com.symantec.sepsmallscannerapp.install.Universal

com.symantec.sepuiapp.install

com.symantec.sepuiapp.install.Universal

com.symantec.sharedframeworks

com.symantec.sharedframeworks.Universal

com.symantec.sharedsettings.install

com.symantec.sharedsettings.install.Universal

com.symantec.smc

com.symantec.submissionsdk.install

com.symantec.symavscanserver.install

com.symantec.symdaemon.install

com.symantec.symdaemon.install.Universal

com.symantec.symInternetSecurity.install

com.symantec.uiagent.install

com.symantec.uiagent.install.Universal

Do I need to run the command  package run pkgutil --pkg-info <pkgid> - for each of these pkgids? Once I do that do I need to enter each of these pkgids into the detection rule?

Thank you.

I ran the command  pkgutil --pkgs  | grep -i symantec and this is result:

AltNetBoot109:~ root# pkgutil --pkgs | grep -i symantec

com.Symantec.AutomationUtility

com.Symantec.DeploymentSolutionAgent

com.symantec.errorreporting.install

com.symantec.firewall.framework.install

com.symantec.firewall.framework.install.Universal

com.symantec.ips.framework.install.Universal

com.symantec.ips.install

com.symantec.ips.install.Universal

com.symantec.licensing.install

com.symantec.licensing.install.Universal

com.Symantec.LiveUpdate.install

com.Symantec.LiveUpdate.install.Universal

com.Symantec.mocu.MOCUApp.pkg

com.symantec.navautoprotect.install

com.symantec.navautoprotect.install.Universal

com.symantec.personalfirewall.framework.install

com.symantec.personalfirewall.framework.install.Universal

com.symantec.pkg.symQuickMenu

com.symantec.pkg.symQuickMenu.Universal

com.symantec.sep.migratesettings

com.symantec.sepapplication

com.symantec.sepplugin.install

com.symantec.sepsmallscannerapp.install

com.symantec.sepsmallscannerapp.install.Universal

com.symantec.sepuiapp.install

com.symantec.sepuiapp.install.Universal

com.symantec.sharedframeworks

com.symantec.sharedframeworks.Universal

com.symantec.sharedsettings.install

com.symantec.sharedsettings.install.Universal

com.symantec.smc

com.symantec.submissionsdk.install

com.symantec.symavscanserver.install

com.symantec.symdaemon.install

com.symantec.symdaemon.install.Universal

com.symantec.symInternetSecurity.install

com.symantec.uiagent.install

com.symantec.uiagent.install.Universal

Do I need to run the command  package run pkgutil --pkg-info <pkgid> - for each of these pkgids? Once I do that do I need to enter each of these pkgids into the detection rule?

Thank you.

Hi,

Some of the reported packages are not related to SEP.

Also I do not think that UI apps should be in rule as well. We can make rule based on some core packages.

I will take a look into SEP packages deeper and report to you soon.

Thanks,

AndreiF

Hi bspore,

How does your SEP pacakge looks like ? Is it zip archive?

If so, can you try to extract files from this zip and make sure that in extracted folder you will see "Additional Resources" directory? If so, then generation of detection rules will be much easier:

In Additional Resources directory, there is a SEP.mpkg package - this meta package contains all SEP related packages. All you should do is just import this(SEP.mpkg) pacakge into NS. During import process detection rule for all packages will be generated automatically. After that you should associate this detection rule with your software release that installs SEP. Only then you can remove package you imported(so generated rule will be associated with another package, that will prevent this rule from removal).

If you don't like maintaine such big, but accurate rule, then I guess you can create rule for two packages only: "com.symantec.sepapplication", "com.symantec.virusengine.install", as only these packages have SEP versions, that  corresponds to official SEP version list and seems to be the core SEP functionality providers.

Can you please share command line you are using to install SEP package? If you use default generated during SymantecEndpointProtection.zip package import, then I am afraid that this command won't work(pkg-rollout -f 'Symantec Endpoint Protection.zip' -e 'Symantec Endpoint Protection/Symantec Endpoint Protection Installer.app') - all it does is just installs SEP installer app, but won't call SEP pacakge installation through this app.

Thanks,

AndreiF

Here's a little script I wrote that does both pkgutil commands at once. You can specify the pkg name on the command line or use the curName value within the script. It can be a full or partial pkg name.

Save this to a text file on the mac, then, from Terminal, run 'chmod 755 <filename>', then ./<filename> <pkgname>. 

******************

#!/bin/sh 

# mac only

curName=$1

if [ -z $curName ]; then

  curName='altiris'

fi

echo

echo '===================================' 

pkglist=`pkgutil --packages | grep -i $curName` 

echo "$pkglist"

echo

echo 'Package Details...'

echo '===================================' 

for i in $pkglist; do 

  echo "`pkgutil --pkg-info $i`"

  echo 

done

echo '==================================='

echo

******************