Endpoint Protection

 View Only

  • 1.  Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 10:23 AM
    I have a script created that runs on start up to install Symantec Endpoint Protection, however it runs everytime someone logs in even if they allready have it installed. Is there a command I can put in that will check the version  and see if it is current? 

    I was thinking something like doing a REG QUERY on the ProductVersion key

    any help would be apperciated.

    p.s new to scripting


  • 2.  RE: Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 10:34 AM
    REG query "HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC" | FIND "ProductVersion"

    which returns

    ProductVersion REG_SZ 11.0.4000.2295


    would an if statement like this work

    If ProductVersion = 11.0.4000.2295
    goto END

    Else
    Shell "v:\setup.exe"



  • 3.  RE: Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 11:22 AM
    Or you can simply use a flag file
    type nul > file.flg

    This allows you to reinstall in case of problems by deleting the flag file.


  • 4.  RE: Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 11:29 AM

    Is your script just installing SEP (over SAV or another vendor) or checking to see if a certain verson of SEP is installed?

     



  • 5.  RE: Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 11:38 AM
    it should check if a certain version of SEP is installed  if not then run an executable if so goto END


  • 6.  RE: Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 01:04 PM
    Would it be easier to have the clients updated via the Install Packages tab on the console? This is how I upgrade my clients. I install the initial client via a startup script, but upgrade them if needed from the console.



  • 7.  RE: Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 01:44 PM
    umass_med has probably the best solution. Then it can also be spread out and not all happen during login or shutdown, which can be a pain anyway if MS updates are applying, etc.
    I'd rather use the script to get SEP there, then the management deal with "version updates" in the console, which can happen during hours you choose!
    You can also have your scripts create a custom registry key at install, like I do here - our images have a key that shows what version of our key software is in that image. So I can literally see what version the image was, when the image was created, who created it, what software is on it, what VERSIONS it started with, and even update those keys when software is installed or updated.
    You can even place a file in a certain folder that the install script could look for - if exist c:\work\sep-11.2.1.2 then  and so on.


  • 8.  RE: Installing Symantec Endpoint using Startup Script

    Posted Jun 30, 2009 01:58 PM
    The only way we found to determine the version installed was to query the version of key files and then process accordingly.  VBScript example for SAV 10.x:

    --------------
    strKeyPath = "SOFTWARE\INTEL\DLLUsage\VP6"
    strValueName = "C:\Program Files\Symantec Antivirus\Rtvscan.exe"
    objReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValueResult

    if strValueResult <> "10.1.5000" then ....
    --------------

    For SEP you could look at:

    strKeyPath = "SOFTWARE\Symantec\Symantec Endpoint Protection\AV\DLLUsage"
    strValueName = "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe"