Endpoint Protection


windows command line, is SEP installed?

  • 1.  windows command line, is SEP installed?

    Posted Aug 17, 2009 05:05 PM
    Hey team,

    How can I tell from the command line if SEP is installed on a remote system or not installed?

    Thanks!!




  • 2.  RE: windows command line, is SEP installed?

    Posted Aug 17, 2009 05:17 PM

    I think I have a download posted - VBscript that queries remote computers and gives a list of the results.......
    Check the downloads tab - - if not, I'll get it posted.  "Is it installed" is the name or something like that. Can be used for SEP or pretty much anything that shows up in the installed apps list in Windows.
    It's SLICK.

    I also have a script that runs in the login script here at work that queries the service to see if it's present and started.

    This needs tweaking and serious clean-up, but works in the login script and sends me an email if something is amiss...

    ' Symantec Verification Script  
    ' Bill Dickerson
    ' Iowa Vocational Rehabilitation Services
    ' Verifies Symantec Endpoint Protection process is running.
    ' Updated Exchange server IP to reflect ITE server, Bill Dickerson 4-1-08
    ' ------------------------------- 
    On Error Resume Next
    Dim oWSH, objNet, wmiRoot, wmiColl, wmiObj, vbCRLF
    Dim sParentServer, sClientGroup, sVirusEngine, sRegPath, sComputerName, sErrorMsg3''Strings 
    Dim bFoundNavProc, bFoundNavRegVals, u1
    Dim oDict  'Dictionary Object for Registry Values

    vbCRLF = Chr(13) & Chr(10)
    '==================================
    'Constants
    Const cEmailServer = "165.xxx.xxx.xxx"  'Name of Exchange Server to send email through
    Const cSendTo = "bill.myemail"
    'Const cSendTo = "theiremailaddy"
    Const cMailFrom = """AntiVirus"" <antivirus.problem@iowa.gov>"
    Const cdoNTLM = 2   'NTLM for email server authentication before sending mail
    Const iSleepTime = 180000 'milliseconds = 180 seconds

    'Initialize Error Message Variable
    sErrorMsg3 = ""

    'Sleep for 180 seconds to allow the user to log in and SEP to start
    'WScript.Echo "Sleeping for 180 seconds"
    WScript.Sleep(iSleepTime)
    'WScript.Echo "OK, I'm awake now!"

    ' Create Objects
    Set oWSH = WScript.CreateObject("Wscript.Shell")
    Set oDict = WScript.CreateObject("Scripting.Dictionary")
    Set wmiRoot = GetObject("WinMgmts:root/cimv2")
    Set objNet = CreateObject("WScript.NetWork")
    u1 = objNet.UserName

    'Finds SEP service, see if it's "Running" (case is important)
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")

    'Determine if SEP is Running
    Set colServices2 = objWMI.ExecQuery("SELECT State, StartMode FROM Win32_Service WHERE Name='Symantec Endpoint Protection'")
    'An empty result means the service is not installed; the loop below would never run
    If colServices2.Count = 0 Then sErrorMsg3 = "SEP service was not found."
    For Each objService In colServices2
        strState2 = objService.State
        If strState2 = "Running" Then
            'WScript.Echo strState2
            sErrorMsg3 = ""
        Else
            'WScript.Echo strState2
            sErrorMsg3 = "SEP is not running."
        End If
    Next

    'Get Computer Name
    Set wmiColl = wmiRoot.ExecQuery("Select Name FROM Win32_ComputerSystem")
    For Each wmiObj In wmiColl
       sComputerName = wmiObj.Name
    Next


    If sErrorMsg3 <> "" Then  ' if SEP service is not running - send mail
      ' **** Send Email About This Computer  ***''
      Set objMessage = CreateObject("CDO.Message")
    '  WScript.Echo "AntiVirus Error(s) found. Sending Email To Admin"
      objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
      objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = cEmailServer
      objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
      objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") =cdoNTLM
      objMessage.Configuration.Fields.Update

      objMessage.Subject = "Symantec Endpoint Protection error on " & sComputerName
      objMessage.From = cMailFrom
      objMessage.To = cSendTo
      objMessage.TextBody = "The following error(s) were found on " & sComputerName & ":" & sErrorMsg3 & vbCrlf & vbCrlf & "From user: " & u1
      objMessage.Send
    End If


     



  • 3.  RE: windows command line, is SEP installed?

    Posted Aug 17, 2009 05:18 PM
    I don't think that there is an option for that. We can't tell from command line if SEP is installed or not.



  • 4.  RE: windows command line, is SEP installed?

    Posted Aug 17, 2009 05:23 PM
    Query the services......... from a CMD prompt..
    (Or my scripts above, or the download I posted a while back..........)
    The one can even be scheduled to run at any time using scheduled tasks - the "is it installed" script.


  • 5.  RE: windows command line, is SEP installed?

    Posted Aug 17, 2009 05:37 PM

    Using the command-line Interface

    You can get some information about using the command-line interface in the admin guide, in the “Using the command-line Interface” chapter, pg 593.


  • 6.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 02:00 AM
    ShadowsPapa is correct; this is the script he has posted.
    https://www-secure.symantec.com/connect/downloads/script-report-installed-applications

    And even before this, the tool from sandeep cheema aka SylinkReplacer also does a CLI query if SEP is installed or not. It also creates a log for that.


  • 7.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 08:00 AM

    He wanted to do this for a remote system. So it would seem the command line interface for SEP wouldn't be ideal. But I have some ideas of my own now that you mentioned that, Prachand...........


    The "is it installed" script is ideal for that - it's made for remote computers - you can check every computer in the domain and it logs the results - if it can't get a response, if it's installed or if it's not installed, it will log all of that in a text/csv file you can pull into outlook.
    The script I created and posted here I have our login script call - so it's run every time a person logs in, and if SEP isn't there/running, it will send me and our help desk an email about the error.
    I used it for SAV all the time. It works for SEP, but needs some cleaning up - I'm not a scripter, I just play one in the forums! LOL
    But in each case, they work on remote computers. And it does nothing more than query and log or email.
    And being scripts - you can tweak to your heart's content.
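
The remote check described in posts 4 and 7 (query the service, then log whether each computer answered, has SEP, or does not), as an added PowerShell example that is not the script from the downloads page. It assumes the service name used in the login script above; the host names and the CSV path are hypothetical.

```powershell
# Added example: classify each host as Running / NotRunning / NotInstalled / Unreachable.
# Assumption: the service name is the one queried in the login script above.
$ServiceName = 'Symantec Endpoint Protection'

function Get-SepServiceStatus {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$Name = $ServiceName
    )
    foreach ($computer in $ComputerName) {
        $status = 'Unreachable'; $state = $null; $startMode = $null; $detail = $null
        try {
            # Same WMI class and properties as the VBScript, queried remotely.
            $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $computer `
                       -Filter "Name='$Name'" -OperationTimeoutSec 15 -ErrorAction Stop
            if ($null -eq $svc) {
                # The host answered but has no such service: report it, do not skip it.
                $status = 'NotInstalled'
            } else {
                $state     = $svc.State
                $startMode = $svc.StartMode
                $status    = if ($svc.State -eq 'Running') { 'Running' } else { 'NotRunning' }
            }
        } catch {
            # No answer, access denied, or timeout: keep the reason for the log.
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Computer  = $computer
            Status    = $status
            State     = $state
            StartMode = $startMode
            Detail    = $detail
            Checked   = (Get-Date).ToString('s')
        }
    }
}

# Hypothetical host names; replace with a list exported from the directory.
$targets = 'WS-EXAMPLE-01', 'WS-EXAMPLE-02'
Get-SepServiceStatus -ComputerName $targets |
    Export-Csv -Path .\sep-status.csv -NoTypeInformation
```

Get-CimInstance connects over WinRM, so an Unreachable row can also mean WinRM is disabled or the account lacks rights on that host; the Detail column records which.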



  • 8.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 10:20 AM
    Looks good, I'll have a look at this.


  • 9.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 10:21 AM
    Thanks.  I'll read that section.


  • 10.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 10:23 AM
    Thanks for the link


  • 11.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 10:24 AM
    I'll use your script and possibly the psexec tool.  I'll let you know how it goes, thanks.

    check out psexec if you're not already familiar with it.


  • 12.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 10:34 AM
    Yeah, I use strictly scripts where I can - no need for external EXE files, nothing to copy to the workstation, but I have used their tools before (sysinternals) to push virus removal tools to workstations and run them as if locally.


  • 13.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 10:45 AM
    ShadowsPapa, thank you for posting the script; we can use this in the future preferences. Thanks again.


  • 14.  RE: windows command line, is SEP installed?

    Posted Aug 18, 2009 01:36 PM
    Just had a quick glance at the manual, there is indeed a command listed:

    smc